ATM transaction authorization based on user location verification

ABSTRACT

An automated banking machine transaction request is authorized based on a determined location of an authorized user relative to the machine. Identification of an authorized machine user is linked to a remotely locatable item (e.g., a cell phone) of the authorized user. A banking machine receiving the user identification causes the location of the cell phone to be determined. A comparison is then made of the cell phone location and the banking machine location. If the locations correspond, then the current machine user is recognized as the authorized user and machine transactions are permitted. If the locations do not correspond, then the current user is denied transactions at the banking machine. The security arrangement helps prevent an unauthorized person from using a fraudulent card to access a financial account.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. application Ser. No.12/806,276 filed Aug. 9, 2010, now U.S. Pat. No. 7,992,777, which is acontinuation of U.S. application Ser. No. 11/370,513 filed Mar. 7, 2006,now U.S. Pat. No. 7,866,544, which both claims benefit pursuant to 35U.S.C. §119(e) of Provisional Application 60/660,070 filed Mar. 9, 2005and is a continuation-in-part of U.S. application Ser. No. 10/832,960filed Apr. 27, 2004, now U.S. Pat. No. 7,118,031, which both claimsbenefit pursuant to 35 U.S.C. §119(e) of Provisional Application60/560,674 filed Apr. 7, 2004 and is a continuation-in-part of U.S.application Ser. No. 10/601,813 filed Jun. 23, 2003, now U.S. Pat. No.7,240,827, which claims benefit pursuant to 35 U.S.C. §119(e) ofProvisional Application 60/429,478 filed Nov. 26, 2002. The disclosureof each of these Applications is herein incorporated by reference.

TECHNICAL FIELD

This invention relates to automated banking machines. Specifically thisinvention relates to automated banking machine apparatus, systems, andmethods.

BACKGROUND ART

Automated banking machines are known. A common type of automated bankingmachine used by consumers is an automated teller machine (“ATM”). ATMsenable customers to carry out banking transactions. Examples of bankingtransactions that are sometimes carried out with ATMs include thedispensing of cash, the making of deposits, the transfer of fundsbetween accounts, the payment of bills, the cashing of checks, thepurchase of money orders, the purchase of stamps, the purchase oftickets, the purchase of phone cards and account balance inquiries. Thetypes of banking transactions a customer can carry out at an ATM aredetermined by the particular banking machine, the system in which it isconnected, and the programming of the machine by the entity responsiblefor its operation.

Other types of automated banking machines may be operated in other typesof environments. For example certain types of automated banking machinesmay be used in a customer service environment. For example serviceproviders may use certain types of automated banking machines forpurposes of counting currency or other items that are received from orwhich are to be given to a customer. Other types of automated bankingmachines may be used to validate items which provide the customer withaccess, value, or privileges such as tickets, vouchers, checks or otherfinancial instruments. Other examples of automated banking machines mayinclude machines which are operative to provide users with the right tomerchandise or services in an attended or a self-service environment.For purposes of this disclosure an automated banking machine shall bedeemed to include any machine that may be operated to carry outtransactions including transfers of value.

Automated banking machines are typically used in environments where theycarry out or support the conduct of transactions. It is desirable tokeep automated banking machines in operation at all appropriate times tothe extent possible. If a machine should experience a fraud attempt, itis useful to detect such attempt and return the machine to service asquickly as possible.

Thus, there exists a need for improvements in the operation,reliability, servicing, and repair of automated banking machines.

DISCLOSURE OF INVENTION

It is an object of an exemplary embodiment of the invention to providean automated banking machine.

It is a further object of an exemplary embodiment of the invention toprovide an automated banking machine which provides for reliableillumination of transaction areas while facilitating servicing of themachine.

It is a further object of an exemplary embodiment of the invention toprovide an automated banking machine that facilitates the detection offraudulent activity which may be attempted at the machine.

It is a further object of an exemplary embodiment of the invention toprovide an automated banking machine which improved capabilities.

It is a further object of an exemplary embodiment of the invention toprovide an automated banking machine which reduces the risk ofunauthorized access to devices and operations of the machine.

It is a further object of an exemplary embodiment of the invention toprovide an automated banking machine with an improved security system.

It is a further object of an exemplary embodiment of the invention toprovide an automated banking machine with a Global Positioning System(GPS).

Further objects of exemplary embodiments will be made apparent in thefollowing Detailed Description of Exemplary Embodiments and the appendedclaims.

The foregoing objects are accomplished in some exemplary embodiments byan automated banking machine which is an ATM. The ATM includes aplurality of transaction function devices. In the exemplary embodimentthe transaction function devices include input and output devices whichare part of a user interface. In the exemplary embodiment thetransaction function devices also include devices for carrying out typesof banking transactions such as a currency dispenser device and adeposit accepting device. The exemplary ATM also includes at least onecomputer which is generally referred to herein as a controller, andwhich is operative to cause the operation of the transaction functiondevices in the machine.

In an exemplary embodiment the ATM includes a housing with a securechest portion and an upper housing area. The chest portion housescertain transaction function devices such as the currency dispenserdevice. The chest portion includes a chest door which is generallysecured but which is capable of being opened when unlocked by authorizedpersons.

In the exemplary embodiment the upper housing area includes a firstportion and a second portion. Access to the first and second portionsare controlled by independently movable first and second fasciaportions. In the exemplary embodiment one or more devices that must bemanipulated in order to unlock the chest door are positioned within thefirst housing area. Access to the first portion of the upper housing iscontrolled by a fascia lock in operative connection with the firstfascia portion.

In some exemplary embodiments during operation of the ATM, thetransaction areas are illuminated to facilitate operation of the machineby users. In an exemplary embodiment the controller of the ATM isoperative to illuminate the transaction areas at those times when theuser would be expected to receive or place items in such transactionareas during the conduct of transactions. This facilitates guiding theuser to the particular transaction area on the machine even when themachine is being operated during daylight hours.

In some exemplary embodiments the capability of illuminating selectedareas of the machine during certain transaction steps may be utilized inconjunction with anti-fraud devices. In an exemplary embodimentanti-fraud devices are used to reduce the risk that an unauthorized cardreading device is installed externally of the machine adjacent to thecard reader slot of the machine fascia. Criminals are sometimesingenious and in the past some have produced reading devices that canintercept magnetic stripe data on cards that are being input to an ATMby a consumer. By intercepting this data, criminals may be able toconduct unauthorized transactions with the consumer's card number. Suchexternal reading devices may be made to appear to be a part of thenormal ATM fascia.

In an exemplary embodiment the housing in surrounding relation of thecard reader slot is illuminated responsive to operation of thecontroller. In some exemplary machines the housing is operative toilluminate an area generally entirely surrounding the slot so as to makeit more readily apparent to a user that an unauthorized modification orattachment to the fascia may have been made.

In some exemplary embodiments during normal operation, the illuminationof the area surrounding the fascia card slot is operative to help toguide the user to the slot during transactions when a user is requiredto input or take their card. The exemplary ATM is provided withradiation sensing devices positioned adjacent to the illuminationdevices that are operative to illuminate the area surrounding the cardreader slot. The exemplary controller is programmed to sense changes inthe magnitude of radiation sensed by the one or more radiation sensingdevices. The installation of an unauthorized card reading device inproximity to the card reading slot generally produces a change in themagnitude of the radiation sensed by the radiation sensing devices. Theexemplary controller is programmed to recognize such changes and to takeappropriate action in response thereto so as to reduce the possibilityof fraud. Such action may include in some exemplary embodiments, themachine sending a status message through a network to a person to benotified of a possible fraud condition. Such actions may also include insome embodiments, warning the user of the machine to look for theinstallation of a possible fraud device. Of course these approaches areexemplary and in other embodiments other approaches may be used.

In some exemplary embodiments sensing devices may be provided inproximity to the keypad used by the customer to provide inputs, such asa personal identification number (PIN). Such sensors may be of theradiation sensing type or other type. Such sensors are adapted to sensethe installation of unauthorized input intercepting devices above oradjacent to the keypad. The sensing of such an unauthorized device maycause an exemplary controller in the machine to give notice of thepotential fraud device and/or to cease or modify the operation of themachine to reduce the risk of interception of customer inputs. In someexemplary embodiments radiation emitting devices used for sensing mayprovide outputs of visible light and may be used to guide a user atappropriate times during transactions to provide inputs to the keypad.

As will be appreciated, the foregoing objects and examples are exemplaryand embodiments of the invention need not meet all or any of theforegoing objects, and need not include all or any of the exemplaryfeatures described above. Additional aspects and embodiments within thescope of the claims may be devised by those having skill in the artbased on the teachings set forth herein.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is an isometric external view of an exemplary automated bankingmachine which is an ATM and which incorporates some aspects and featuresof inventions claimed in the present application.

FIG. 2 is a front plan view of the ATM shown in FIG. 1.

FIG. 3 is a transparent side view showing schematically some internalfeatures of the ATM.

FIG. 4 is a schematic view representative of the software architectureof an exemplary embodiment.

FIG. 5 is a front view showing the fascia portion moved to access afirst portion of an upper housing of the machine.

FIG. 6 is a partially transparent side view showing air flow through anair cooling opening of the machine.

FIG. 7 is an isometric view of the ATM shown in FIG. 1 with thecomponents of the upper housing portion removed.

FIG. 8 is a schematic side view of the housing showing schematically theillumination system for the transaction areas and representing inphantom the movement of the upper fascia portion so as to provide accessfor servicing.

FIG. 9 is a schematic view of an illumination and anti-fraud sensingdevice which bounds a card reader slot of an exemplary embodiment.

FIG. 10 is a schematic side view of an unauthorized card reading devicein operative connection with a housing of the anti-fraud sensor.

FIG. 11 is a schematic view of exemplary logic for purposes of detectingthe presence of an unauthorized card reading device in proximity to thecard reader during operation of the ATM.

FIG. 12 is an exemplary side, cross sectional view of an ATM keypad.

FIG. 13 is a schematic representation of a sensor for sensing whether anunauthorized key input sensing device has been placed adjacent to thekeypad.

FIG. 14 is a view of a keypad similar to FIG. 12 but with anunauthorized key input sensing device attached.

FIG. 15 is a schematic representation similar to FIG. 13, butrepresenting the change in reflected radiation resulting from theattachment of the unauthorized key input sensing device.

FIG. 16 shows an automated banking machine security arrangement.

FIG. 17 shows an arrangement for comparing GPS location data to storedlocation data.

FIG. 18 shows an ATM with GPS.

FIG. 19 shows a database portion.

FIG. 20 shows a service provider, database, and requester arrangement.

FIG. 21 shows a flowchart of a service process.

FIG. 22 shows a fraud prevention service arrangement.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

Referring now to the drawings and particularly to FIG. 1, there is showntherein an exemplary embodiment of an automated banking machinegenerally indicated 10. In the exemplary embodiment automated bankingmachine 10 is a drive up ATM, however the features described and claimedherein are not necessarily limited to ATMs of this type. The exemplaryATM includes a housing 12. Housing 12 includes an upper housing area 14and a secure chest area 16 in a lower portion of the housing. Access tothe chest area 16 is controlled by a chest door 18 which when unlockedby authorized persons in the manner later explained, enables gainingaccess to the interior of the chest area.

The exemplary ATM 10 further includes a first fascia portion 20 and asecond fascia portion 22. Each of the fascia portions is movably mountedrelative to the housing as later explained, which in the exemplaryembodiment facilitates servicing.

The ATM includes a user interface generally indicated 24. The exemplaryuser interface includes input devices such as a card reader 26 (shown inFIG. 3) which is in connection with a card reader slot 28 which extendsin the second fascia portion. Other input devices of the exemplary userinterface 24 include function keys 30 and a keypad 32. The exemplary ATM10 also includes a camera 34 which also may serve as an input device forbiometric features and the like. The exemplary user interface 24 alsoincludes output devices such as a display 36. Display 36 is viewable byan operator of the machine when the machine is in the operativecondition through an opening 38 in the second fascia portion 22. Furtheroutput devices in the exemplary user interface include a speaker 40. Aheadphone jack 42 also serves as an output device. The headphone jackmay be connected to a headphone provided by a user who is visuallyimpaired to provide the user with voice guidance in the operation of themachine. The exemplary machine further includes a receipt printer 44(see FIG. 3) which is operative to provide users of the machine withreceipts for transactions conducted. Transaction receipts are providedto users through a receipt delivery slot 46 which extends through thesecond fascia portion. Exemplary receipt printers that may be used insome embodiments are shown in U.S. Pat. No. 5,729,379 and U.S. Pat. No.5,850,075, the disclosures of which are incorporated by referenceherein. It should be understood that these input and output devices ofthe user interface 24 are exemplary and in other embodiments, other ordifferent input and output devices may be used.

In the exemplary embodiment the second fascia portion has includedthereon a deposit envelope providing opening 48. Deposit envelopes maybe provided from the deposit envelope providing opening to users who mayplace deposits in the machine. The second fascia portion 20 alsoincludes a fascia lock 50. Fascia lock 50 is in operative connectionwith the second fascia portion and limits access to the portion of theinterior of the upper housing behind the fascia to authorized persons.In the exemplary embodiment fascia lock 50 comprises a key type lock.However, in other embodiments other types of locking mechanisms may beused. Such other types of locking mechanisms may include for example,other types of mechanical and electronic locks that are opened inresponse to items, inputs, signals, conditions, actions or combinationsor multiples thereof.

The exemplary ATM 10 further includes a delivery area 52. Delivery area52 is in connection with a currency dispenser device 54 which isalternatively referred to herein as a cash dispenser, which ispositioned in the chest portion and is shown schematically in FIG. 3.The delivery area 52 is a transaction area on the machine in whichcurrency sheets are delivered to a user. In the exemplary embodiment thedelivery area 52 is positioned and extends within a recessed pocket 56in the housing of the machine.

ATM 10 further includes a deposit acceptance area 58. Deposit acceptancearea is an area through which deposits such as deposit envelopes to bedeposited by users are placed in the machine. The deposit acceptancearea 58 is in operative connection with a deposit accepting devicepositioned in the chest area 16 of the ATM. Exemplary types of depositaccepting devices are shown in U.S. Pat. No. 4,884,769 and U.S. Pat. No.4,597,330, the disclosures of which are incorporated herein byreference.

In the exemplary embodiment the deposit acceptance area serves as atransaction area of the machine and is positioned and extends within arecessed pocket 60. It should be understood that while the exemplaryembodiment of ATM 10 includes an envelope deposit accepting device and acurrency sheet dispenser device, other or different types of transactionfunction devices may be included in automated banking machines anddevices encompassed by the present invention. These may include forexample, check and/or money order accepting devices, ticket acceptingdevices, stamp accepting devices, card dispensing devices, money orderdispensing devices and other types of devices which are operative tocarry out transaction functions.

In the exemplary embodiment the ATM 10 includes certain illuminatingdevices which are used to illuminate transaction areas, some of whichare later discussed in detail. First fascia portion 20 includes anillumination panel 62 for illuminating the deposit envelope providingopening. Second fascia portion 22 includes an illumination panel 64 forilluminating the area of the receipt delivery slot 46 and the cardreader slot 28. Further, an illuminated housing 66 later discussed indetail, bounds the card reader slot 28. Also, in the exemplaryembodiment an illuminating window 68 is positioned in the recessedpocket 56 of the delivery area 52. An illuminating window 70 ispositioned in the recessed pocket 60 of the deposit acceptance area 58.It should be understood that these structures and features are exemplaryand in other embodiments other structures and features may be used.

As schematically represented in FIG. 3, the ATM 10 includes one or moreinternal computers. Such internal computers include one or moreprocessors. Such processors may be in operative connection with one ormore data stores. In some embodiments processors may be located oncertain devices within the ATM so as to individually control theoperation thereof. Examples such as multi-tiered processor systems areshown in U.S. Pat. No. 6,264,101 and U.S. Pat. No. 6,131,809, thedisclosures of which are incorporated herein by reference.

For purposes of simplicity, the exemplary embodiment will be describedas having a single controller which controls the operation of deviceswithin the machine. However it should be understood that such referenceshall be construed to encompass multicontroller and multiprocessorsystems as may be appropriate in controlling the operation of aparticular machine. In FIG. 3 the controller is schematicallyrepresented 72. Also as schematically represented, the controller is inoperative connection with one or more data stores 78. Such data storesin exemplary embodiments are operative to store program instructions,values and other information used in the operation of the machine.Although the controller is schematically shown in the upper housingportion of ATM 10, it should be understood that in alternativeembodiments controllers may be located within various portions of theautomated banking machine.

In order to conduct transactions the exemplary ATM 10 communicates withremote computers. The remote computers are operative to exchangemessages with the machine and authorize and record the occurrence ofvarious transactions. This is represented in FIG. 3 by the communicationof the machine through a network with a bank 78, which has at least onecomputer which is operative to exchange messages with the ATM through anetwork. For example, the bank 78 may receive one or more messages fromthe ATM requesting authorization to allow a customer to withdraw $200from the customer's account. The remote computer at the bank 78 willoperate to determine that such a withdrawal is authorized and willreturn one or more messages to the machine through the networkauthorizing the transaction. After the ATM conducts the transaction, theATM will generally send one or more messages back through the network tothe bank indicating that the transaction was successfully carried out.Of course these messages are merely exemplary.

It should be understood that in some embodiments the ATM may communicatewith other entities and through various networks. For example asschematically represented in FIG. 3, the ATM will communicate withcomputers operated by service providers 80. Such service providers maybe entities to be notified of status conditions or malfunctions of theATM as well as entities who are to be notified of corrective actions. Anexample of such a system for accomplishing this is shown in U.S. Pat.No. 5,984,178, the disclosure of which is incorporated herein byreference. Other third parties who may receive notifications fromexemplary ATMs include entities responsible for delivering currency tothe machine to assure that the currency supplies are not depleted. Otherentities may be responsible for removing deposit items from the machine.Alternative entities that may be notified of actions at the machine mayinclude entities which hold marketing data concerning consumers and whoprovide messages which correspond to marketing messages to be presentedto consumers. Various types of messages may be provided to remotesystems and entities by the machine depending on the capabilities of themachines in various embodiments and the types of transactions beingconducted.

FIG. 4 shows schematically an exemplary software architecture which maybe operative in the controller 72 of machine 10. The exemplary softwarearchitecture includes an operating system such as for example Microsoft®Windows, IBM OS/2® or Linux. The exemplary software architecture alsoincludes an ATM application 82. The exemplary application includes theinstructions for the operation of the automated banking machine and mayinclude, for example, an Agilis™ 91× application that is commerciallyavailable from Diebold, Incorporated which is a cross vendor softwareapplication for operating ATMs. Further examples of softwareapplications which may be used in some embodiments is shown in U.S. Pat.Nos. 6,289,320 and 6,505,177, the disclosures of which are incorporatedherein by reference.

In the exemplary embodiment middleware software schematically indicated84 is operative in the controller. In the exemplary embodiment themiddleware software operates to compensate for differences betweenvarious types of automated banking machines and transaction functiondevices used therein. The use of a middleware layer enables the moreready use of an identical software application on various types of ATMhardware. In the exemplary embodiment the middleware layer may beInvolve® software which is commercially available from Nexus Software, awholly owned subsidiary of the assignee of the present invention.

The exemplary software architecture further includes a diagnostics layer86. The diagnostics layer 86 is operative as later explained to enableaccessing and performing various diagnostic functions of the deviceswithin the ATM. In the exemplary embodiment the diagnostics operate inconjunction with a browser schematically indicated 88.

The exemplary software architecture further includes a service providerlayer schematically indicated 90. The service provider layer may includesoftware such as WOSA XFS service providers for J/XFS service providerswhich present a standardized interface to the software layers above andwhich facilitate the development of software which can be used inconjunction with different types of ATM hardware. Of course thissoftware architecture is exemplary and in other embodiments otherarchitectures may be used.

As schematically represented in FIG. 4, a controller 72 is in operativeconnection with at least one communications bus 92. The communicationsbus may in some exemplary embodiments be a universal serial bus (USB) orother standard or nonstandard type of bus architecture. Thecommunications bus 92 is schematically shown in operative connectionwith transaction function devices 94. The transaction function devicesinclude devices in the ATM which are used to carry out transactions.These may include for example the currency dispenser device 54, cardreader 26, receipt printer 44, keypad 32, as well as numerous otherdevices which are operative in the machine and controlled by thecontroller to carry out transactions. In the exemplary embodiment one ofthe transaction function devices in operative connection with thecontroller is a diagnostic article reading device 96 which may beoperative to read a diagnostic article schematically indicated 98 whichmay provide software instructions useful in servicing the machine.Alternatively and/or in addition, provision may be made for connectingthe bus 92 or other devices in the machine computer device 100 which maybe useful in performing testing or diagnostic activities related to theATM.

In the exemplary embodiment of ATM 10 the first fascia portion 20 andthe second fascia portion 22 are independently movably mounted on theATM housing 12. This is accomplished through the use of hinges attachedto fascia portion 20. The opening of the fascia lock 50 on the firstfascia portion 20 enables the first fascia portion to be moved to anopen position as shown in FIG. 5. In the open position of the firstfascia portion an authorized user is enabled to gain access to a firstportion 102 in the upper housing area 14. In the exemplary embodimentthere is located within the first portion 102 a chest lock input device104. In this embodiment the chest lock input device comprises a manualcombination lock dial, electronic lock dial or other suitable inputdevice through which a combination or other unlocking inputs or articlesmay be provided. In this embodiment, input of a proper combinationenables the chest door 18 to be moved to an open position by rotatingthe door about hinges 106. In the exemplary embodiment the chest door isopened once the proper combination has been input by manipulating alocking lever 108 which is in operative connection with a boltwork. Theboltwork which is not specifically shown, is operative to hold the chestdoor in a locked position until the proper combination is input. Uponinput of the correct combination the locking lever enables movement ofthe boltwork so that the chest door can be opened. The boltwork alsoenables the chest door to be held locked after the activities in thechest portion have been conducted and the chest door is returned to theclosed position. Of course in other embodiments other types ofmechanical or electrical locking mechanisms may be used. In theexemplary embodiment the chest lock input device 104 is in supportingconnection with a generally horizontally extending dividing wall 110which separates the chest portion from the upper housing portion. Ofcourse this housing structure is exemplary and in other embodimentsother approaches may be used.

An authorized servicer who needs to gain access to an item, component ordevice of the ATM located in the chest area may do so by opening thefascia lock and moving the first fascia portion 20 so that the area 102becomes accessible. Thereafter the authorized servicer may access andmanipulate the chest lock input device to receive one or more inputs,which if appropriate enables unlocking of the chest door 18. The chestdoor may thereafter be moved relative to the housing and about itshinges 106 to enable the servicer to gain access to items, devices orcomponents within the chest. These activities may include for exampleadding or removing currency, removing deposited items such as envelopesor checks, or repairing mechanisms or electrical devices that operate toenable the machine to accept deposited items or to dispense currency.When servicing activity within the chest is completed, the chest doormay be closed and the locking lever 108 moved so as to secure theboltwork holding the chest door in a closed position. Of course thisstructure and service method is exemplary and in other embodiments otherapproaches may be used.

In the exemplary embodiment the second fascia portion 22 is also movablerelative to the housing of the machine. In the exemplary embodiment thesecond fascia portion 22 is movable in supporting connection with arollout tray 112 schematically shown in FIG. 3. The rollout tray isoperative to support components of the user interface thereon as well asthe second fascia portion. The rollout tray enables the second fasciaportion to move outward relative to the ATM housing thereby exposingcomponents and transaction function devices supported on the tray andproviding access to a second portion 114 within the upper housing andpositioned behind the second fascia portion. Thus as can be appreciated,when the second fascia portion is moved outward, the components on thetray are disposed outside the housing of the machine so as to facilitateservicing, adjustment and/or replacement of such components. Furthercomponents which remain positioned within the housing of the machine asthe rollout tray is extended become accessible in the second portion asthe second fascia portion 22 is disposed outward and away from thehousing.

In the exemplary embodiment the rollout tray 112 is in operativeconnection with a releasible locking device. The locking device isgenerally operative to hold the tray in a retracted position such thatthe second fascia portion remains in an operative position adjacent tothe upper housing area as shown in FIGS. 1, 2 and 3. This releasiblelocking mechanism may comprise one or more forms of locking typedevices. In the exemplary embodiment the releasible locking mechanismmay be released by manipulation of an actuator 116 which is accessibleto an authorized user in the first portion 102 of the upper housing 14.As a result an authorized servicer of the machine is enabled to move thesecond fascia portion outward for servicing by first accessing portion102 in the manner previously discussed. Thereafter by manipulating theactuator 116 the second fascia portion is enabled to move outward asshown in phantom in FIG. 8 so as to facilitate servicing components onthe rollout tray. Such components may include for example a printer orcard reader. After such servicing the second fascia portion may be movedtoward the housing so as to close the second portion 114. Such movementin the exemplary embodiment causes the rollout tray to be latched andheld in the retracted position without further manipulation of theactuator. However, in other embodiments other types of lockingmechanisms may be used to secure the rollout tray in the retractedposition. It should be understood that this approach is exemplary and inother embodiments other approaches may be used.

As best shown in FIG. 7 in which the components supported in the upperhousing are not shown, the delivery area 52 and the deposit acceptancearea 58 are in supporting connection with the chest door 18. As suchwhen the chest door 18 is opened, the delivery area 52 and the depositacceptance area 58 will move relative to the housing of the machine. Theexemplary embodiment shown facilitates servicing of the machine byproviding for the illumination for the transaction areas by illuminationsources positioned in supporting connection with the rollout tray 112.As best shown in FIG. 6, these illumination sources 118 are movable withthe rollout tray and illuminate in generally a downward direction. Inthe operative position of the second fascia portion 22 and the chestdoor 18, the illumination sources are generally aligned with apertures120 and 122 which extend through the top of a cover 124 which generallysurrounds the recessed pockets 60 and 56. As shown in FIG. 10 aperture120 is generally vertically aligned with window 68 and aperture 122 isgenerally aligned with window 70. In an exemplary embodiment apertures120 and 122 each have a translucent or transparent lens positionedtherein to minimize the risk of the introduction of dirt or othercontaminants into the interior of the cover 124.

As can be appreciated from FIGS. 6 and 8, when the chest door 18 isclosed and the second fascia portion 22 is moved to the operativeposition, the illumination sources 118 are positioned in generallyaligned relation with apertures 120 and 122. As a result theillumination of the illumination devices is operative to cause light tobe transmitted through the respective aperture and to illuminate thetransaction area within the corresponding recessed pocket.

In operation of an exemplary embodiment, the controller executesprogrammed instructions so as to initiate illumination of eachtransaction area at appropriate times during the conduct oftransactions. For example in the exemplary embodiment if the user isconducting a cash withdrawal transaction, the controller may initiateillumination of the delivery area 52 when the cash is delivered thereinand is available to be taken by a user. Such illumination draws theuser's attention to the need to remove the cash and will point out tothe user that the cash is ready to be taken. In the exemplary embodimentthe controller is programmed so that when the user takes the cash themachine will move to the next transaction step. After the cash is sensedas taken, the controller may operate to cease illumination of thedelivery area 56. Of course these approaches are exemplary.

Likewise in an exemplary embodiment if a user of the machine indicatesthat they wish to conduct a deposit transaction, the controller maycause the machine to operate to initiate illumination of the depositacceptance area 58. The user's attention is drawn to the place wherethey must insert the deposit envelope in order to have it be accepted inthe machine. In the exemplary embodiment the controller may operate toalso illuminate the illumination panel 62 to illuminate the depositenvelope providing opening 48 so that the user is also made aware of thelocation from which a deposit envelope may be provided. In an exemplaryembodiment the controller may operate to cease illumination through thewindow 70 and/or the illumination panel 62 after the deposit envelope isindicated as being sensed within the machine.

In alternative embodiments other approaches may be taken. This mayinclude for example drawing the customer's attention to the particulartransaction area by changing the nature of the illumination in therecessed pocket to which the customer's attention is to be drawn. Thismay be done for example by changing the intensity of the light, flashingthe light, changing the color of the light or doing other actions whichmay draw a user's attention to the appropriate transaction area.Alternatively or in addition, a sound emitter, vibration, projectingpins or other indicator may be provided for visually impaired users soas to indicate to them the appropriate transaction area to which thecustomer's attention is to be drawn. Of course these approaches areexemplary and in other embodiments other approaches may be used.

As previously discussed the exemplary embodiment of ATM 10 is alsooperative to draw a user's attention at appropriate times to the cardreader slot 28. ATM 10 also includes features to minimize the risk ofunauthorized interception of card data by persons who may attempt toinstall a fraud device such as an unauthorized card reading device onthe machine. As shown in FIG. 9, the exemplary card slot 28 extendsthrough a card slot housing 66 which extends in generally surroundingrelation of the card slot. It should be understood that although thehousing 66 generally bounds the entire card slot, in other embodimentsthe principles described herein may be applied by bounding only one ormore sides of a card slot as may be appropriate for detectingunauthorized card reading devices. Further, it should be understood thatwhile the exemplary embodiment is described in connection with a cardreader that accepts a card into the machine, the principles beingdescribed may be applied to types of card readers that do not accept acard into the machine, such as readers where a user draws the cardthrough a slot, inserts and removes a card manually from a slot andother card reading structures.

In the exemplary embodiment the housing 66 includes a plurality ofradiation emitting devices 126. The radiation emitting devices emitvisible radiation which can be perceived by a user of the machine.However, in other embodiments the radiation emitting devices may includedevices which emit nonvisible radiation such as infrared radiation, butwhich nonetheless can be used for sensing the presence of unauthorizedcard reading devices adjacent to the card slot. In the exemplaryembodiment the controller operates to illuminate the radiation emittingdevices 126 at appropriate times during the transaction sequence. Thismay include for example times during transactions when a user isprompted to input the card into the machine or alternatively when a useris prompted to take the card from the card slot 28. In variousembodiments the controller may be programmed to provide solidillumination of the radiation emitting devices or may vary the intensityof the devices as appropriate to draw the user's attention to the cardslot.

In the exemplary embodiment the card slot housing 66 includes thereinone or more radiation sensing devices 128. The radiation sensing devicesare positioned to detect changes in at least one property of theradiation reflected from the emitting devices 126. The sensing devices128 are in operative connection with the controller. The controller isoperative responsive to its programming to compare one or more valuescorresponding to the magnitude and/or other properties of radiationsensed by one or more of the sensors, to one or more stored values andto make a determination whether the comparison is such that there is aprobable unauthorized card reading device installed on the fascia of themachine. In some embodiments the controller may be operative to executefuzzy logic programming for purposes of determining whether the natureof the change in reflected radiation or other detected parameters aresuch that there has been an unauthorized device installed and whetherappropriate personnel should be notified.

FIG. 10 shows a side view of the housing 66. An example of a frauddevice which comprises unauthorized card reading device 130 is shownattached externally to the housing 66. The unauthorized card readingdevice includes a slot 132 generally aligned with slot 128. The device130 also includes a sensor shown schematically as 134 which is operativeto sense the encoded magnetic flux reversals which represent data on themagnetic stripe of a credit or debit card. As can be appreciated, anarrangement of the type shown in FIG. 10 enables the sensor 134 ifproperly aligned adjacent to the magnetic stripe of a card, to read thecard data as the card passes in and out of slot 128. Such anunauthorized reading device may be connected via radio frequency (RF) orthrough inconspicuous wiring to other devices which enable interceptionof the card data. In some situations criminals may also endeavor toobserve the input of the user's PIN corresponding to the card data so asto gain access to the account of the user.

As can be appreciated from FIG. 10 the installation of the unauthorizedcard reading device 130 changes the amount of radiation from emittingdevices 126 and that is reflected or otherwise transmitted to thesensors 128. Depending on the nature of the device and its structure,the amount or other properties of radiation may increase or decrease.However, a detectable change will often occur in the magnitude or otherproperties of sensed radiation between a present transaction and a priortransaction which was conducted prior to an unauthorized card readingdevice being installed. Of course the sensing of the magnitude ofradiation is but one example of a property of radiation that may besensed as having changed so as to indicate the presence of anunauthorized reading device.

FIG. 11 demonstrates an exemplary simplified logic flow executed by acontroller for detecting the installation of an unauthorized cardreading device. It should be understood that this transaction logic ispart of the overall operation of the machine to carry out transactions.In this exemplary logic flow the machine operates to carry out cardreading transactions in a normal manner and to additionally execute therepresented steps as a part of such logic each time a card is read. Froman initial step 136 the controller in the machine is operative to sensethat a card is in the reader within the machine in a step 138. Generallyin these circumstances the controller will be operating the radiationemitting devices 126 as the user has inserted their card and the cardhas been drawn into the machine. In this exemplary embodiment thecontroller continues to operate the radiation emitting devices andsenses the radiation level or levels sensed by one or more sensors 128.This is done in a step 140.

The controller is next operative to compare the signals corresponding tothe sensed radiation levels to one or more values in a step 142. Thiscomparison may be done a number of ways and may in some embodimentsexecute fuzzy logic so as to avoid giving false indications due toacceptable conditions such as a user having the user's finger adjacentto the card slot 28 during a portion of the transaction. In the case ofa user's finger for example, the computer may determine whether anunauthorized reading device is installed based on the nature, magnitudeand changes during a transaction in sensed radiation, along withappropriate programmed weighing factors. Of course various approachesmay be used within the scope of the concept discussed herein. However,based on the one or more comparisons in step 142 the controller isoperative to make a decision at step 144 as to whether the sensedvalue(s) compared to stored value(s) compared in step 142 have adifference that is in excess of one or more thresholds which suggestthat an unauthorized card reading device has been installed.

If the comparison does not indicate a result that exceeds thethreshold(s) the ATM transaction devices are run as normal asrepresented in a step 146. For example, a customer may be prompted toinput a PIN, and if the card data and PIN are valid, the customer may beauthorized to conduct a cash dispensing transaction through operation ofthe machine. Further in the exemplary embodiment, the controller mayoperate to adjust the stored values to some degree based on the morerecent readings. This may be appropriate in order to compensate for theeffects of dirt on the fascia or loss of intensity of the emittingdevices or other factors. This is represented in a step 148. In step 148the controller operates the ATM to conduct transaction steps in theusual manner as represented in a step 150.

If in step 144 the difference between the sensed and stored valuesexceeds the threshold(s), then this is indicative that an unauthorizedcard reading device may have been installed since the last transaction.In the exemplary embodiment when this occurs, the controller isoperative to present a warning screen to the user as represented in astep 152. This warning screen may be operative to advise the user thatan unauthorized object has been sensed adjacent to the card reader slot.This may warn a user for example that a problem is occurring.Alternatively if a user has inadvertently placed innocently some objectadjacent to the card reader slot, then the user may withdraw it. Inaddition or in the alternative, further logic steps may be executed suchas prompting a user to indicate whether or not they can see theradiation emitting devices being illuminated adjacent to the card slotand prompting the user to provide an input to indicate if such items arevisible. Additionally or in the alternative, the illuminating deviceswithin the housing 66 may be operative to cause the emitting devices tooutput words or other symbols which a user can indicate that they cansee or cannot see based on inputs provided as prompts from outputdevices of the machine. This may enable the machine to determine whetheran unauthorized reading device has been installed or whether the sensedcondition is due to other factors. It may also cause a user to note theexistence of the reading device and remove it. Of course variousapproaches could be taken depending on the programming of the machine.

If an unauthorized reading device has been detected, the controller inthe exemplary embodiment will also execute a step 154 in which a statusmessage is sent to an appropriate service provider or other entity toindicate the suspected problem. This may be done for example through useof a system like that shown in U.S. Pat. No. 5,984,178 the disclosure ofwhich is incorporated herein by reference. Alternatively messages may besent to system addresses in a manner like that shown in U.S. Pat. No.6,289,320 the disclosure of which is also incorporated herein byreference. In a step 156 the controller will also operate to record dataidentifying for the particular transaction in which there has beensuspected interception of the card holder's card data. In addition or inthe alternative, a message may be sent to the bank or other institutionalerting them to watch for activity in the user's card account forpurposes of detecting whether unauthorized use is occurring.Alternatively or in addition, some embodiments may include card readersthat change, add or write data to a user's card in cases of suspectedinterception. Such changed data may be tracked or otherwise used toassure that only a card with the modified data is useable thereafter.Alternatively or in addition, in some embodiments the modified card maybe moved in translated relation, moved irregularly or otherwise handledto reduce the risk that modified data is intercepted as the card isoutput from the machine. Of course these approaches are exemplary ofmany that may be employed.

In the exemplary embodiment the ATM is operated to conduct a transactioneven in cases where it is suspected that an unauthorized card readingdevice has been installed. This is represented in a step 158. However,in other embodiments other approaches may be taken such as refusing toconduct the transaction. Other steps may also be taken such as capturingthe user's card and advising the user that a new one will be issued.This approach may be used to minimize the risk that unauthorizedtransactions will be conducted with the card data as the card can bepromptly invalidated. Of course other approaches may be taken dependingon the programming of the machine and the desires of the systemoperator. In addition while the fraud device shown is an unauthorizedcard reading device, the principles described may also be used to detectother types of fraud devices such as for example false fascias, userinterface covers and other devices.

In some embodiments additional or alternative features and methods maybe employed to help detect the presence of unauthorized card readingdevices or other attempted fraud devices in connection with the ATM. Forexample in some embodiments an oscillation sensor may be attached to themachine to detect changes in frequency or vibration that result from theinstallation of unauthorized devices on the ATM. FIG. 10 showsschematically an oscillator 127 attached to the interior surface of theATM fascia. Oscillator 127 may be operative responsive to the controllerand suitable vibration circuitry to impart vibratory motion to thefascia in the vicinity of the card reader slot. A sensor 129 is inoperative connection with the fascia and is operative to sense at leastone parameter of the motion imparted to the fascia by the oscillator127. Although oscillator 127 and sensor 129 are shown as separatecomponents, it should be understood that in some embodiments thefunctions of the components may be performed by a single device.

The sensor 129 is in operative connection with the controller of the ATMthrough appropriate circuitry. The controller selectively activates theoscillator and the sensor 129 is operative to sense the resultingmovement of the fascia caused by the oscillation. The installation of anunauthorized card reading device or other fraud device on the ATM willgenerally result in a change in at lest one property being sensed by thesensor 129. This may include changes in amplitude, frequency or both.Alternatively or in addition, some embodiments may provide for theoscillator to impart vibration characteristics of various types orvibratory motion through a range of frequencies and/or amplitudes.Sensed values for various oscillatory driving outputs may then becompared through operation of the controller to one or more previouslystored values. Variances from prior values may be detected or analyzedthrough operation of the controller and notifications given insituations where a change has occurred which suggests the installationof an unauthorized device.

In some embodiments the controller may cause the oscillator and sensorto operate periodically to sense for installation of a possibleunauthorized device. Alternatively, the controller may cause such acheck to be made during each transaction. Alternatively in someembodiments oscillation testing may be conducted when a possibleunauthorized device is detected by sensing radiation properties. Thecontroller may operate to take various actions in response to sensing apossible unauthorized reading device through vibration, radiation orboth. For example detecting a possible fraud device by both radiationand oscillation may warrant taking different actions than only detectinga possible fraud device through only one test or condition.

In some embodiments the controller may be programmed to adjust thethresholds or other limits used for resolving the presence of a possiblefraud device for responses to changes that occur over time at themachine. This may include for example adjusting the thresholds forindicating possible fraud conditions based on the aging of theoscillator or the sensor. Such adjustments may also be based onparameters sensed by other sensors which effect vibration properties.These may include for example, the fascia temperature, air temperature,relative humidity and other properties. Of course readings from theseand other sensors may be used to adjust thresholds of the oscillationsensor, radiation sensor or other fraud device sensors. Variousapproaches may be taken depending on the particular system.

In some embodiments the oscillator may additionally or alternatively beused to prevent the unauthorized reading of card reader signals. Thismay be done for example when the banking machine has a device whichtakes a user card into the machine for purposes of reading data on thecard. In such embodiments the controller may operate to vibrate the areaof the fascia adjacent to the card reader slot when a user's card ismoving into and/or out of the slot. In such cases the vibration may beoperative to cause the generation of noise or inaccurate reading by anunauthorized card reading sensor so as to make it more difficult tointercept the card stripe data using an unauthorized reading device. Insome embodiments such vibration may also serve to disclose or make moreapparent the presence of unauthorized card reading devices. Of coursethese approaches are exemplary and in other embodiments other approachesmay be used.

In some exemplary embodiments provision may be made for detecting thepresence of unauthorized input sensing devices for sensing a user'sinputs through the keypad on the ATM. Such unauthorized input sensingdevices may be used by criminals to sense the PIN input by the user.Detecting unauthorized devices may be accomplished by providingappropriate sensing devices in or adjacent to the keypad. Such sensingdevices may be operative to detect that a structure has been placed overor adjacent to the keypad. Such sensors may be in operative connectionwith the controller in the machine or other devices which are operativeto determine the probable installation of such an unauthorized inputsensing device. In response to determining the probable installation ofsuch a device, the controller may be operative in accordance with itsprogramming to provide notification to appropriate entities, modify theoperation of the machine such as to disable operation or prevent certainoperations, or to take other appropriate actions.

FIG. 12 shows the cross-sectional view of exemplary keypad 32. Keypad 32is shown schematically, and it should be understood that not all of thecomponents of the keypad are represented. Keypad 32 includes a pluralityof keys 250. Keys 250 are moveable responsive to pressure applied by auser's finger to provide an input corresponding to alphabetical ornumerical characters. Extending between some of the keys 250 are areasor spaces 252. Extending in spaces 252 are sensors 254. In the exemplaryembodiment the sensors 254 are radiation type sensors, but as previouslydiscussed, in other embodiments other approaches may be used. Overlyingthe sensors 254 is an outer layer 256. In the exemplary embodiment,layer 256 is translucent or otherwise comprised of material so as topartially enable the transmission of radiation from the sensorstherethrough.

As represented in FIG. 13, the exemplary sensors 254 include a radiationemitter 258 and a radiation receiver 260. During operation the radiationemitter is operative to output radiation that is at least partiallyreflected from the inner surface of layer 256. The reflected radiationis received by the receiver 260. Corresponding electrical signals areproduced by the receiver, and such signals are transmitted throughappropriate circuitry so as to enable the controller to detect thechanges in signals that correspond to probable presence of anunauthorized reading device.

FIG. 14 is a schematic view of an unauthorized input intercepting device262 that has been positioned in overlying relation of a keypad 32. Theinput intercepting device 262 includes false keys 264 which are moveableand which are operatively connected to the corresponding keys 250 of thekeypad. In the exemplary embodiment, input intercepting device 262includes sensors which are operative to detect which of the false keys264 have been depressed by a user. Because the depression of the falsekeys is operative to actuate the actual keys 250, the ATM is enabled tooperate with the device 262 in place. Input intercepting device 262 inexemplary embodiments may include a wireless transmitter or othersuitable device for transmitting the input signals to a criminal who mayintercept such inputs.

As represented in FIG. 19, the input intercepting device 262 includesportions 267 which extend in the areas 252 in overlying relation oflayer 256. As represented in FIG. 15, the portion of the inputintercepting device extending in overlying relation of the layer 256 isoperative to cause a change in the amount of radiation from the emitter258 that is reflected and sensed by the receiver 260 of the sensor. Thisis because the overlying portion will have different radiationreflecting or absorbing characteristics which will change the radiationreflective properties of the layer 256 compared to when no such inputintercepting device is present. Thus the installation of theunauthorized input intercepting device can be detected.

In some exemplary embodiments the controller may be operative to sensethe level of reflected radiation at the sensors periodically. This maybe done, for example, between transactions when a user is not operatingthe terminal. This may avoid giving a false indication that anunauthorized input intercepting device has been installed when a user isresting a hand or some other item adjacent to the keypad during atransaction. Of course in other embodiments sensor readings can be takenand compared during transactions to prior values stored in a data storeto determine if a change lasting longer than normal has occurred whichsuggests that an unauthorized input intercepting device has beeninstalled rather than a user has temporarily placed their hand or someother item adjacent to the keypad. For example, in some exemplaryembodiments the controller may not resolve that there is a probableunauthorized input intercepting device on the machine until asignificant change from a prior condition is detected in the radiationproperties adjacent to the keypad on several occasions both during atransactions and thereafter. Alternatively or in addition, a controllermay be operative to determine that an improper device has been installedas a result of changes that occur during a time when no transactionshave occurred. Alternatively in other embodiments, the controller mayoperate to sense and analyze signals from the sensors responsive todetecting inputs from other sensors, such as for example an ultrasonicsensor which senses that a person has moved adjacent to the machine buthas not operated the machine to conduct a transaction. Of course theseapproaches are merely exemplary of many approaches that may be used.

It should be understood that although in the exemplary embodimentradiation type sensors are used for purposes of detection, in otherembodiments other types of sensors may be used. These include, forexample, inductance sensors, sonic sensors, RF sensors, or other typesof sensing approaches that can be used to detect the presence ofmaterial in locations that suggest an unauthorized input interceptingdevice being positioned adjacent to the keypad. Further, in someembodiments the controller or other circuitry associated with thesensors may be operative to make adjustments for normal changes that mayoccur at the machine. These may include, for example, changes with timedue to aging of emitters, the build up of dirt in the area adjacent tothe keypad, weather conditions, moisture conditions, scratching of thesurface of the sensing layer, or other conditions which may normallyoccur. Appropriate programs may be executed by the controller or othercircuitry so as to recalibrate and/or compensate for such conditions asmay occur over time while still enabling the detection of a rapid changewhich is sufficiently significant and of such duration so as to indicatethe probable installation of an unauthorized input intercepting device.Of course these approaches are exemplary of many approaches that may beused.

In other embodiments other or additional approaches to detectingfraudulent reading or other improper activities may be used. Forexample, in some embodiments the fascia of the banking machine may besubject to observation within a field of view of one or more imagingdevices such as camera 131 schematically represented in FIG. 10. Camera15 may be in operative connection with an image capture system of thetype shown in U.S. Pat. No. 6,583,813, the disclosure of which isincorporated herein by reference.

In some embodiments the controller and/or an image capture system may beoperative to execute sequences of activities responsive to triggeringevents that may be associated with attempts to install or operate frauddevices. For example, the presence of a person in front of the bankingmachine may be sensed through image analysis, weight sensors, sonicdetectors or other detectors. The person remaining in proximity to themachine for a selected period or remaining too long after a transactionmay constitute a triggering event which is operative to cause the systemto take actions in a programmed sequence. Such actions may includecapturing images from one or more additional cameras and/or moving imagedata from one or more cameras from temporary to more permanent storage.The sequence may also include capturing image data from the fascia totry to detect tampering or improper devices. Radiation or vibrationtests may also be conducted as part of a sequence. Notifications and/orimages may also be sent to certain entities or system addresses. Ofcourse these actions are exemplary.

In some exemplary embodiments the controller of the ATM or otherconnected computers may be operatively programmed to analyze conditionsthat are sensed and to determine based on the sensed conditions that afraud device is installed. Such a programmed computer may be operativeto apply certain rules such as to correlate the repeated sensing ofabnormal conditions with a possible fraud or tampering condition and toconduct tests for the presence of fraud devices. Such events mayconstitute soft triggers for sequences or other actions to detect andreduce the risk of fraud devices. Of course these approaches are merelyexemplary and in other embodiments other approaches may be used.

In some embodiments the ATM may include sensors adapted to interceptsignals from unauthorized card readers or customer input interceptingdevices. For example, some fraud devices may operate to transmit RFsignals to a nearby receiver operated by a criminal. The presence ofsuch RF signals in proximity to the ATM may be indicative of theinstallation of such a device. Such signals may be detected byappropriate circuitry and analyzed through operation of the ATMcontroller or other processor, and if it is determined that it isprobable that such a device is installed, programmed actions may betaken.

For example, in some embodiments suitable RF shielding material may beapplied to or in the fascia to reduce the level of RF interference fromdevices within the ATM at the exterior of the fascia. Antennas or otherappropriate radiation sensing devices may be positioned adjacent to orinstalled on the fascia. A change in RF radiation in the vicinity of thefascia exterior may result upon the installation of an unauthorizeddevice. The RF signals can be detected by receiver circuitry, andsignals or data corresponding thereto input to a processor. In someembodiments the circuitry may also determine the frequency of theradiation sensed to be used in resolving if it is within the rangeemitted by legitimate devices such as cell phones of users operating theATM. In other embodiments the circuitry may analyze the signals todetermine if they are varying, and the circuitry and/or the processormay evaluate whether the changes in signal correspond to the input of aPIN or a card to the ATM.

In response to the sensed signal data, the processor may operate inaccordance with its programming to evaluate the nature and character ofthe intercepted signals. For example, if the signals do not correspondto a legitimate source, such as a cell phone, the processor may operateto take actions such as to wholly or partially cease operation of theATM, capture images with a camera, and/or notify an appropriate remoteentity through operation of the ATM. Alternatively, the processor maycompare the sensed RF signals to transaction activity at the ATM. If thesensed signals are determined to be varying in ways that correspond in apattern or relationship to card or PIN inputs, for example, theprocessor may operate in accordance with its programming to cause theATM or other devices to take appropriate programmed steps.

In still other exemplary embodiments the processor may be in operativeconnection with an RF emitter. The processor may operate in accordancewith its programming to cause the emitter to generate RF signals thatinterfere with the detected signals. This can be done on a continuingbasis or alternatively only at times during user operation of the ATMwhen user inputs are likely to be intercepted. For example, theprocessor controlling the emitter may operate the ATM or be incommunication with a controller thereof. In such situations, theprocessor may operate to control the emitter to produce outputs at timeswhen a user's card is moving into or out of a card slot, and/or when theATM is accepting a user's PIN or other inputs. Thus, the emitter may beoperative to produce interfering signals during relatively brief periodsso as to not disrupt RF transmissions for an extended period in theevent an incorrect determination is made and the RF signals are from alegitimate source.

In some embodiments an emitter may be a type that transmits on aplurality of frequencies intended to disrupt transmissions within theexpected range of frequencies for a fraud device. In other embodimentsthe emitter may be controlled responsive to the processor to match thefrequency or frequencies of suspect signals that have been detected. Ofcourse these approaches are exemplary of approaches that may be used.

In the exemplary embodiment the ATM 10 is provided with enhanceddiagnostic capabilities as well as the ability for servicers to morereadily perform remedial and preventive maintenance on the machine. Thisis accomplished in an exemplary embodiment by programming the controllerand/or alternatively distributed controllers and processors associatedwith the transaction function devices, to sense and capture diagnosticdata concerning the operation of the various transaction functiondevices. In an exemplary embodiment this diagnostic data may includemore than an indication of a disabling malfunction. In some embodimentsand with regard to some transaction function devices, the data mayinclude for example instances of speed, intensity, deflection, vacuum,force, friction, pressure, sound, vibration, wear or other parametersthat may be of significance for purposes of detecting conditions thatmay be developing with regard to the machine and the transactionfunction devices contained therein. The nature of the diagnostic datathat may be obtained will depend on the particular transaction functiondevices and the capabilities thereof as well as the programming of thecontrollers within the machine.

An exemplary form of the invention includes an automated banking machinesecurity arrangement. The automated banking machine (e.g., ATM) includesa Global Positioning System (GPS). An ATM with GPS can includeself-service features enabling a user of the machine to carry outtransactions. As previously discussed, an ATM can include a cashdispenser permitting a cash withdrawal transaction. As explained in moredetail later, GPS (or some other position indicator) also enables moreefficient servicing of an ATM. Systems and methods related to themonitoring, status, and servicing of ATMs may be found in U.S. Pat. No.5,984,178, the entire disclosure of which is incorporated herein byreference.

An ATM (or each ATM in a network of ATMs) can be embedded with a GPStransceiver. The operation of a GPS is well known and need not bediscussed in detail herein. An ATM's GPS module or unit can identify thegeographical position of the ATM by using a coordinate system. Forexample, the GPS unit can read its latitude and longitude coordinateswith the use of one or more satellites. An ATM with GPS technologyallows the ATM to annunciate its location. The ATM can emit itscoordinates through a variety of known communication mechanisms.

In an exemplary arrangement, an ATM is provided with GPS to permittracking of the ATM. The tracking can be beneficial in maintainingaccurate location information on a plurality of ATMs, especially ifcertain ATMs are moved during their lifetime. As explained in moredetail herein, tracking can also be used to thwart thieves who are ableto pickup and remove an entire ATM unit.

A GPS unit (including an antenna) can be built into an ATM so that theGPS cannot be dismantled. The GPS can be connected with an ATM in amanner ensuring that the ATM's positional information (i.e.,coordinates) can continue to be conveyed. For example, criticalcomponents of the GPS (and ATM) can be battery backed to enableconveyance of the unit's position. This arrangement permits a GPSdisconnected from its main power source to still have the ability toaccurately obtain from one or more satellites the ATM position. The GPSunit may comprise a satellite phone.

An ATM computer or controller can request a reading of location datafrom the GPS unit. It should be understood that for purposes of brevity,herein a “computer” may comprise one or more computers. The GPS unit canobtain the ATM position coordinates from one or more satellites. The ATMcomputer can receive the location data from the GPS unit. The ATM cantransmit its GPS-obtained position to a service monitoring (orresponsible for) the security of the ATM. The security monitoringservice center may oversee the monitoring of plural GPS-equipped ATMs.Communication between an ATM and the security center (which may be theATM's host) can be carried out in a known manner of communication,including the use of a phone line, a proprietary line, a wirelesssystem, a satellite system, a network, an intranet, and/or the Internet.Critical components in the ATM can also be battery backed to ensurecommunication with the GPS unit and the security center. A computersoftware program operating at the security center (or in the ATM) can beused to determine if the normally stationary (or fixed) ATM terminal hasbeen improperly moved.

FIG. 16 shows a shared security/monitoring arrangement 300 for pluralATMs. The arrangement 300 includes a satellite 302, ATMs 304, 306, 308with respective GPS units 310, 312, 314, and a security/monitoringcenter 316. As previously discussed, the ATMs 304, 306, 308 can obtain aGPS reading via the satellite 302 and then transmit the read data to thesecurity center 316. For example, a GPS reading may be obtained with asatellite phone which is able to transmit the GPS data to a web siteaccessible by the security center computer. The security center 316 caninclude many different types of communication devices, including a cellphone system 318.

A stolen ATM having GPS technology enables movement of the stolen ATM tobe tracked. One or more computers operating in conjunction with asecurity center enable the current position of a moving ATM to betracked in real time. Software operating in a security center computercan be used to present the individual GPS-reported ATM positions as asimultaneous path of travel. The software can overlay the travel path ofa stolen ATM onto a road map of the surrounding area. Authorities can bekept informed as to the route of the tracked ATM. The real time overlaymap can also be downloaded (e.g., via the Internet) from the securitycenter to the authorities (e.g., police). The monitoring arrangementpermits a stolen ATM with GPS to be recovered.

The security center can be in operative connection with a databasecontaining the locations of respective ATMs stored in memory. Thesecurity center can use a computer (e.g., a host computer) to compare areceived ATM GPS location to the stored location assigned to thatparticular ATM. If the compared locations do not substantially match,then the computer can determine that the ATM was stolen and, responsivethereto, cause proper action to be initiated. The comparison may includea predetermined percentage error range to compensate for GPS readingcalibrations, fluctuations, deviations, and other factors. AdditionalGPS location data readings and location comparisons may be performed toensure accuracy before a final determination on theft is made.

FIG. 17 shows steps in a process of comparing read GPS location data tostored ATM location data. Location data for a plurality of ATMs (i.e.,ATM #1 to ATM #N) is stored in a database 320. Stored data 322 includeslocation data corresponding to the fixed or assigned location of ATM #1(e.g., ATM 304). Stored data 324 includes location data corresponding tothe fixed location of ATM #2 (e.g., ATM 306). GPS data 326 was obtainedusing the GPS unit of ATM #1. The location data in the stored data 322for ATM #1 is compared to the GPS location data 326 for ATM #1 by usinga computer 328, which may be in the security center 316. If thecomparison results in a corresponding “Yes” match, then ATM #1 isdetermined as secure 330.

However, if the comparison does not results in a corresponding match,then the security status of ATM #1 is determined as stolen. Following a“No” match, at least one of the response actions 332, 334, 336, 338 canbe executed, as explained in more detail later. That is, response to adetermination of theft one or more actions can be initiated, includingnotifying 332 the authorities about the theft, firing 334 dye packslocated in the stolen ATM, tripping 336 an alarm in the stolen ATM,and/or tracking 338 movement of the stolen ATM. It should be understoodthat a security center 316 can include the database 320 and the computer328, and cause commencing of the actions 332, 334, 336, 338.Alternatively, the database 320 can be remotely located from thesecurity center 316, yet in operative connection therewith to enable thesecurity center to request and receive location data from the database(and store data in the database).

The GPS location analysis performed by the security center 316 for aparticular ATM can be used to cause the firing of dye packs in thatparticular ATM. FIG. 18 shows the ATM 304 including a secure chest orsafe portion 340. The ATM chest 340 includes a dye pack 342 adjacent tocash 344 in a currency dispenser 346. The cash 344 may be in a currencycassette in the currency dispenser 346. The ATM chest 340 also includesa dye pack 348 adjacent to cash 350 in a cash deposit bin 352. The cashdeposit bin 352 can hold cash that was deposited by ATM users or cashthat was not taken following a cash withdrawal transaction. The GPStransceiver 310 and an ATM computer 354 are also shown. The ATM computer354 can cause firing of the dye packs 342, 348. The ATM computer 354 canbe instructed by the security center 316 to fire the dye packs 342, 348.The ATM 304 further includes movement sensors 360, 362. Although the GPSunit 310 and the ATM computer 354 are shown in the upper portion 356 ofthe ATM housing 358, it should be understood that they may be situatedinside of the secure chest portion 340 of the ATM housing (e.g., likeGPS unit 314).

Different communication methods can be used in carrying out thedetermination of whether an ATM was stolen. In one arrangement the ATMcomputer 354 can periodically obtain a regularly time-based locationreading from the GPS unit 310 (i.e., predetermined reading times). Inanother arrangement the ATM computer 354 can continuously receiveupdated GPS data from the GPS unit 310. The ATM 304 (or the GPS unit310) can transmit the read GPS location information to the securitycenter 316. The security center 316 analyzes the transmitted GPSlocation information (e.g., by performing the previously discussedlocation comparisons) to determine if inappropriate movement (e.g.,theft) involving the ATM 304 has occurred. As previously discussed,response actions 332, 334, 336, 338 can also be initiated via thesecurity center 316.

In another arrangement the ATM 304 can use the sensors 360, 362 (e.g.,motion detectors) to detect movement (e.g., tilt, lateral, vertical,and/or horizontal movement) of the ATM 304. The ATM computer 354 is inoperative connection with the sensors 360, 362 to receive informationtherefrom. In response to a sensed ATM movement, the ATM computer 354can take action to thwart the suspected theft of the ATM 304. Forexample, the ATM computer 354 can cause the dye packs 342, 348 to befired. The ATM computer 354 may notify the security center 316 of thesensed ATM movement. As previously discussed, the security center 316can initiate response actions 332, 334, 336, 338 to thwart the suspectedtheft of the ATM.

Alternatively, an analysis of GPS location information can be used toverify whether or not the sensed ATM movement was the result of the ATM304 being illegally moved from its expected location or because of someother disturbance (e.g., an earthquake). In response to a sensor 360,362 detecting movement of the ATM 304, the ATM computer 354 can requesta location reading from the GPS unit 310. The ATM 304 transmits theacquired GPS location data 326 to the computer 328 associated with thesecurity center 316. Again, the security center 316 can compare (aspreviously discussed) the GPS location data 326 to stored location data372 to determine whether the particular ATM 304 (i.e., ATM #1) wasactually moved from its foundation. Thus, both movement sensors 360, 362and GPS 310 can be used together to accurately determine whether or notan ATM 304 was stolen.

In a further arrangement the plurality of ATMs 304, 306, 308 eachinclude a wireless cell phone. FIG. 18 shows the ATM 304 including acell phone system 366. The ATM computer 354 is in operative connectionwith the cell phone 366. Each ATM can use their cell phone to call thesecurity center 316, which includes the cell phone system 318. Each ATMis also operative to receive calls from the security center 316. Thesecurity center cell phone system 318 is operative to simultaneouslycommunicate with plural ATMs via their cell phones.

The security center 316 is in operative connection with a databasehaving memory for storage of cell calling area information correspondingto each respective ATM cell phone. The stored cell calling areainformation can be in previously discussed database 320 or it can be ina separate cell database. FIG. 19 depicts an expanded portion of thedatabase 320 showing additional ATM information. The previouslydiscussed stored data 322 corresponding to ATM #1 is also depicted. ForATM #1 the identity data 370 is stored in corresponding relationshipwith the ATM's location data 372, cell phone number data 374, and callcell data 376. The database 320 enables the identity 370 of an ATM to beascertained via its stored location data 372 or by its stored cell phonenumber data 374. Likewise, an ATM location 372 can be identified via itscell phone number 374, and vice versa. That is, in the database 320 eachATM cell phone number is also stored in corresponding relationship witha respective cell calling area. For example, phone number data 374 isstored in relation with cell data 376.

The cell assigned to an ATM can be the call cell in which that ATM isphysically located. That is, the assigned cell can be the cell in whichthe cell phone (of the fixed ATM) would use to originate a phone call.The stored location data for a particular ATM can be used to determinewhich cell is to be assigned to the phone number for that particularATM. That is, the assigned cell can be based on the stored (andassigned) location. For example, the cell calling area which covers thelocation 372 of ATM #1 can be used as the cell 376 assigned to ATM #1.Using the stored location data enables the database to be quicklyupdated to reflect any changes in cell areas, cell providers, etc.

It should be understood that some ATMs may be located in the same cellcalling area. Thus, these ATMs could be assigned the same cell data inthe database 320. For example, both ATM #1 and ATM #3 could have thesame stored cell data. Contrarily, a cell in the database may beassigned to only a single cell phone number because the phone numberbelongs to an isolated distant ATM. For example, the cell data assignedto ATM #2 may be the only instance of that cell in the entire database320.

An exemplary security checking operation involving the cell phonearrangement will now be discussed. An ATM computer 354 causes the ATM'scell phone 366 to periodically call the security center cell phonesystem 318. The security center 316 uses the computer 328 (or anothercomputer) to perform an initial analysis of the received call. In anexemplary embodiment of first level security analysis, the securitycenter 316 can recognize which ATM cell phone placed the call, such asby using caller ID, etc. The security center 316 can use thisinformation to learn the cell assigned to the ATM from which the callwas made. For example, the security center 316 can use caller ID toascertain the phone number 374 belonging to a call originating from thephone of the not yet identified ATM. By knowing the phone number 374 thesecurity center 316 can use the database 320 to identify the ATM as ATM#1. The security center 316 can further use the database 320 todetermine the cell 376 assigned to ATM #1. Thus, the assigned cell 376is known.

Next, the security center 316 needs to compare the assigned cell 376 tothe used cell. The security center 316 can obtain the cell used by theATM phone. Triangulation calculations or secondary sources may be usedin obtaining the cell in which the call was made. The security centercomputer 328 can then compare the obtained cell to the cell 376 assignedto that particular ATM 370. If the compared cells do not match, then itis determined that the cell phone of ATM #1 was moved out of itsassigned cell area 376. The security level for ATM #1 can be flagged assuspect. Thus, the theft of ATM #1 can be viewed as suspect. In thefirst level of security analysis, improper movement of a particular ATMcan be suspected via the ATM's cell phone, without using the ATM's GPSunit. Although ATM #1 was used in the example, it should be understoodthat a first analysis can be applied to any of the ATMs in the ATMnetwork.

Returning to the exemplary example, following a suspicion of theft ofATM #1, the security center 316 can initiate appropriate responseactions 332, 334, 336, 338 to thwart the suspected theft, as previouslydiscussed. Alternatively, in response to the suspicion, the securitycenter 316 can begin another (second) level of security analysis on ATM#1. That is, a second analysis can be performed before a response action332, 334, 336, 338 is initiated by the security center 316. The secondanalysis can be performed to double check or validate the suspicion oftheft of ATM #1. The second analysis can be independent from the firstanalysis. The second analysis can use the GPS unit of ATM #1.

In an exemplary embodiment of second level security analysis, thesecurity center 316 submits a request to the suspect ATM #1 asking foran updated GPS reading. The request can be communicated in a mannerpreviously discussed, including using cell phone communication. In amanner previously discussed, an ATM computer 354 attempts to obtain anupdated reading with its GPS unit 310, and then transmit the updatedreading to the security center 316. The security center 316 can thencompare (as previously discussed) the updated GPS location data 326 todatabase location data 372 corresponding to the suspect ATM #1. Based onthe location comparison, the security center 316 can determine whetherthe suspected theft activity was founded. If an updated GPS reading isno longer obtainable then this information can also be a factor in thedetermination. Once a determination is made that the ATM was actuallyillegally moved (i.e., stolen), then responsive actions such asnotifying authorities 332, firing dye packs 334, starting an alarm 336,and/or ATM tracking 338 can be initiated to thwart the theft.

In other security arrangements, the ATM does not have to rely on asecurity center to perform a determination of ATM movement. In anexemplary embodiment the ATM's own computer can make the determination.

An ATM computer can have a backup battery power source. Battery sourcesfor computers are known in the art. An ATM computer 354 can have accessto location data locally stored in the ATM. For example, the ATM data322 can be stored in ATM #1 or in a security software program operatingin ATM #1. The location data 372 for ATM #1 may have been previouslydownloaded to ATM #1 for storage therein. Thus, the ATM #1 computer 354itself (instead of the security center) can run a security computerprogram to perform a comparison of the ATM's assigned location 372 tothe location obtained from the ATM's GPS reading 326. If the ATMcomputer 354 determines that the locations 372, 326 do not match, thenthe ATM computer 354 can cause an ATM alarm to trip and/or notify thesecurity center (or other authorities) regarding the theft of the ATM.Again, the security center can cause appropriate response actions 332,334, 336, 338 to be carried out.

In another security arrangement, motion sensors, GPS, and a cell phone(or cell phone modem) can be used in combination to analyze the statusof an ATM. For example, an ATM GPS unit can periodically or continuouslyreceive position readings. The GPS unit and cell phone are in operativeconnection so that the cell phone can receive GPS data from the GPS unit(even when the cell phone is in an “off” or sleep condition). Detectedmotion of the ATM (via a motion sensor) causes the cell phone to beplaced in an “on” or awakened condition (i.e., turned on). The cellphone when turned on is programmed to transmit GPS data to a satellite.The satellite can receive the transmitted data and recognize the datasender (i.e., the cell phone/ATM). The satellite can then send the GPSinformation and sender data to a web site that allows monitoring of theATM's location. That is, the web site can be accessible by a securitycenter computer.

It should be understood that various alternative combinations may beused in the exemplary embodiments. For example, a cell phone can beprogrammed to receive and transmit the GPS data. A cell phone caninclude the GPS system. Also, while motion is detected, a cell phone canbe periodically turned on (e.g., every minute) to receive and/ortransmit the GPS data. When movement of the ATM stops, so do thetransmissions. Furthermore, the cell phone can bypass the satellite tosend the GPS information (and cell phone/ATM ID data) directly to theweb site (or a database). A computer may link the GPS unit and the cellphone. Alternatively, a GPS satellite phone may be used.

An ATM's alarm can be tripped responsive to reading GPS data. The alarmcan also have a backup battery power source. An alarm controller in theATM can activate the alarm in response to the ATM's security computerprogram determining movement of the ATM via the GPS reading (and/or viaone or more movement sensors). The alarm can be audible or silent. Asilent alarm can notify a security center or authorities. An audiblealarm can have different decibel levels. A higher decibel level, whichis uncomfortable to a thief operating the getaway vehicle, may be usedwhile ATM movement is detected. The alarm can be switched to a lowerdecibel level when ATM movement is no longer detected, or vice versa.Hence, an ATM can have a plural stage audible alarm. Furthermore, knownfunctions for drawing attention to a stolen ATM or cash may additionallybe used. For example, the GPS can also be associated with tripping acash staining device (e.g., dye packs) located in the ATM.

In a further exemplary embodiment, even if an ATM 304 is stolen, thecash in its chest portion 340 (or safe) can be rendered useless to thethieves. The security system in the ATM can also monitor the sequencethat was used to open the ATM's chest 340. The security system, whichcan include the computer 354 and a software program operable in thecomputer, can recognize a normal (or permitted) chest opening sequence.The security system can also detect a non normal (or non authorized)chest opening sequence. If the chest is not opened in the propersequence, then the security system can act to have cash 344, 350 insidethe chest 340 marked in a manner indicative of stolen cash (e.g.,stained/dyed cash).

The software can be programmed to monitor of all chest openingsequences. Alternatively, the software can be programmed to initiatemonitoring of a chest opening sequence following a defection ofsuspicious (or confirmed) ATM movement.

An example of a normal sequence for accessing the cash in the chest willnow be demonstrated. The predetermined chest door opening sequence caninclude a plurality of sequence events. In the example, the ATM is firstput into a maintenance mode. Next an unlocking of the chest door occurs.This may include entering one or more correct combinations. Next thechest door handle is turned to cause an interior lock bolt to move tounlock the chest door. Then the chest door is pivoted or swung to anopen position to provide access to the chest interior. It should beunderstood that the opening of the chest door may be one of the sequenceevents. The performing of certain steps in the sequence can be aprerequisite for later steps.

Sensors can detect whether a predetermined (normal) sequence portion wascarried out. The sensors can be in operative connection with thesecurity system computer to provide feedback to the computer. Again, thesecurity system, including the computer and sensors, can operate with abackup power source, such as one or more batteries.

The computer can be informed or recognize when the ATM status conditionis in maintenance mode. Sensors can be used to detect when unlocking ofthe chest door occurs. The entering of mechanical or electroniccombinations can be sensed. Sensors can detect when the chest doorhandle is turned. Sensors can be positioned adjacent to the handle todetect movement of the handle. Motion sensors can be positioned adjacentto the lock bolt work components which (in the predetermined sequence)would need to move to permit opening of the chest door. Other sensorscan be used to detect when the chest door was moved from a closedposition to an open position. An example of a lock bolt work arrangementfor an automated banking machine may be found in U.S. Pat. No.5,784,973, the entire disclosure of which is incorporated herein byreference.

The software operated by the security system computer can analyze thesensor input to determine if any events or steps in the normal chestdoor opening sequence have been bypassed. The software can compare thesensed (performed) sequence events to the stored (expected)predetermined sequence steps. For example, the ATM computer can monitorand track sequence event occurrence. Responsive to the monitoring, thecomputer can determine whether all expected sequence events haveoccurred. The computer can assign a condition (e.g., positive ornegative) to the chest door opening status. Therefore, when opening ofthe chest door is detected, the computer can conclude whether to firethe dye packs.

In a non normal chest opening sequence the chest door was opened, butnot in the expected sequence. For example, the chest door (or otherchest components) may have been drilled or burnt to enable the chestdoor to be opened for accessing the cash. The exemplary ATM securitysystem can detect if a chest bolt was unlocked without the chest doorlock first being unlocked (or other optional prerequisite steps, e.g.,maintenance mode, combination, code access, etc.). For example, thesecurity system can detect whether the door combination was notcorrectly (or ever) entered, yet the chest's interior bolt was moved toan unlocked position. The security system can also detect whether thechest door was opened without turning of the door handle. The securitysystem can make a determination that unauthorized access was granted tothe chest interior responsive to the door being opened (or in anunlocked position enabling opening thereof) out of sequence. Thedetection of a non normal chest door opening sequence (or order) can beinterpreted as an attack against the chest (and any cash therein).

In response to a determination of an attack against the chest, the cash344, 350 inside the chest 340 can be devalued by the security system.The chest 340 includes a chest door, such as previously discussed chestdoor 18. The chest door in an open position enables a service person toaccess devices and components in the security chest interior. Thesecurity system includes a currency staining system, and a method ofactuating the staining system. For example, the security system caninclude dye packs 342, 348. The dye packs 342, 348 can be located in thechest 340 adjacent to the cash 344, 350. The security system can causethe dye packs 342, 348 to be activated (e.g., fired or exploded) torelease the dye therefrom.

The security software operating in the ATM computer 354 can beprogrammed to cause the computer 354 to initiate firing of the dye packs342, 348 in response to a determination that the door of the chest 340was opened (or moved) without following (or completion of) a requiredsequence (or pattern) for opening the chest door. That is, dye packs canbe triggered to fire upon unauthorized movement of the chest door. Thecomputer programming software in the security system can be read by thecomputer 354 to determine unauthorized chest access and initiate anelectronic firing of the dye packs.

The ATM security system computer may determine that the door openingsequence is improper prior to the chest door being opened. Thus, thecomputer may be programmed to automatically fire the dye packs when thechest door is still closed but is detected as being placed in anunlocked condition. In other programming embodiments firing of the dyepacks may not occur until the chest door is actually opened. Forexample, the computer may not determine an improper sequence until thechest door was actually opened.

In alternative embodiments the computer can issue a warning of adetected improper chest opening sequence. Such a warning can be audibleor visible (e.g., a display message, etc.). The warning may be presentedin a manner that is undetectable (silent) to the public, but detectableto an authorized service person. The warning may be presented as aflashing light at the rear of the ATM. The warning may be presented viaa cell phone call to a specific number at a security center. The warningmay be beneficial to an authorized service person who inadvertentlygenerated an out-of-sequence step. A code can be inputted to the ATM tooverride or reset the out-of-sequence programming, or disable firing ofthe dye packs. Entry of the code may be time based. For example, if thecode is not entered within a predetermine time period, then override isno longer a valid option.

Dye released from a dye pack 342, 348 is operative to deface cash (i.e.,currency or money or notes or bills) in a known manner. The size andamount of dye packs and their placement relative to cash in an ATM chestcan be strategically predetermined to ensure optimum devaluing of allthe cash in the chest upon activation of the dye packs.

New ATMs can be provided with the sequence monitoring security system.Existing ATMs can be retrofit with the security system. Because thesequence monitoring security system can be provided in some ATMs withoutneeding any additional sensors or alarm grids, it can be easy to providea low-cost retrofit. The sequence monitoring security system may beprovided as a backup to normal anti-theft detection arrangements forATMs.

As previously discussed, an ATM computer can cause dye packs to befired, such as in response to a security software program detecting animproper chest opening sequence. That is, an ATM computer can controloperation of the ATM dye packs. As previously discussed, an ATM computercan also communicate with the security center computer. Thus, thesecurity center can directly communicate instructions to the ATMcomputer, including instructions for the ATM computer to fire the dyepacks. That is, regardless of the monitored security status of a chestopening sequence, an ATM computer can be instructed by a security centerto activate the dye packs at any time. Thus, dye pack activation can beindependent of chest opening sequence monitoring.

As previously discussed, dye pack activation can be a response action334 to ATM theft. A security center 316 can use ATM GPS information 326to confirm that an ATM was stolen. Responsive to the confirmation oftheft, the security center 316 can instruct the ATM computer 354 toactuate its dye packs 344, 348. Upon the ATM computer 354 receiving theinstruction to fire the dye packs 344, 348, the ATM computer can causethe dye packs to be exploded to stain the cash 344, 350 located withinthe interior of its chest 340. Thus, the staining of money inside of anATM can be the result of a positional reading taken with a GPS unit ofthat ATM.

In another exemplary arrangement, the security center itself candirectly signal ATM dye packs to fire. That is, the security center canfire the dye packs without using the ATM computer. The security centermay cause the dye packs to be activated following a theft confirmation.The signal from the security center to a dye pack may be encrypted. Adye pack can have a trigger device (or a detonator) set to fire uponreceiving a predetermined frequency or wave. A radio frequency may beused. The frequency can be unique to a particular dye pack or a seriesof dye packs in a particular ATM. The security center can generate andtransmit the frequency. Alternatively, if the security center is too farfrom the ATM, then the security center can cause the ATM (or anothernearby source) to initiate or generate the triggering frequency.

It should be understood that the scope of the invention for determiningwhether an automated banking machine was moved is not limited to theembodiments disclosed herein. For example, image recognition, land-basedradar, and sound waves can also be used in determining whether an ATMwas stolen. A camera unit can be fixedly mounted to periodically capturean image of an ATM. The camera unit can transmit the image to a securitycenter. The security center can have an original image of the ATM storedin a database. The security center can use image recognition software tocompare the image received from the camera unit to the image in storage.Likewise, data relating to land based radar and/or sound waves can beused in determination comparisons. If compared data does not match, thenan appropriate response action can be initiated by the ATM, aspreviously discussed. Alternatively, one or more additional analyses maybe performed to confirm that the ATM was actually stolen. Theconfirmation analyses may include security comparisons alreadydiscussed, including comparisons involving data related to movementsensors, phone cells, and/or ATM GPS.

An ATM may need servicing (e.g., transaction function devicemalfunction, cash replenishment, low paper supply, predeterminedmaintenance, etc.) An ATM with GPS provides a service center (which maycomprise the security center) the ability to identify the closestservice personnel to the ATM. A dispatching program can operate in aservice center computer (or an ATM host computer). The service centercan receive both GPS information and a service request from an ATM. TheGPS information and service request may be received in the sametransmission packet. The service center can also receive (e.g., via GPS,address input, phone, voice, etc.) the current (or latest) locations ofservice personnel in the field. The dispatching program can determinewhich available service person can reach the ATM needing service thequickest. The program can match service personnel to service-needingATMs for optimum efficiency.

The dispatching program can also use received ATM GPS information togenerate optimal directions for the chosen service person to use toreach the ATM. The directions can include the most efficient route. Thedirections can be transmitted to the service person in a known manner.The dispatching program can also operate in real time with regard tocurrent traffic conditions that may influence the route decisions, andhence the servicer-to-ATM matching. Thus, the chosen servicer may notnecessarily be the closest servicer in distance. In an exemplaryembodiment, the servicer is chosen based on smallest estimated traveltime. The use of ATM GPS allows a servicer to reach an ATM in thequickest manner. The ability to quickly associate the position of an ATMneeding servicing with the current positions of available servicepersonnel results in a more efficient service dispatch. ATM operatingefficiency can be improved.

In other exemplary embodiments, an ATM can signal what type of servicingis needed. Thus, a servicer may be chosen based on smallest estimatedtravel time in conjunction with the needed skill level of the serviceperson.

It should be understood that the use of GPS for servicing applies toboth fixed and portable (or movable) ATMs. For example, a portable ATMmay be built into a vehicle that is able to drive to different sportingevents, entertainment venues, etc. The portable ATM can be used (e.g.,cash withdrawal transactions, etc.) by users at the events. Again, theability to use GPS to quickly analyze or compare the current position ofa portable ATM with the current positions of available service personnelresults in a more efficient service dispatch.

The previously discussed use of GPS enables an ATM to be installed atany location just by plugging it in. Thus, in alternative embodimentsthere is no need to keep a database on where ATMs are located, becauseGPS tracking keeps the security/service center aware of their location,especially for purposes of servicing.

The ability to locate a machine's geographical position can also be usedto enhance the usage security of other automated transaction machines(e.g., ATMs). An exemplary embodiment combines the signals of a GPSsystem with a cellular device (e.g., cell phone) to provide informationrelated to the geographical location of the cellular device user. Thatis, the exemplary embodiment includes the ability to track cellulardevices using a combination of cellular or GPS/cellular technology. Acellular device can be equipped with a GPS receiver and/or transmitter.

It should be understood that although a cell phone is used as thecellular device (or cellular object) in some exemplary embodimentsherein, other cellular devices can likewise be used. That is, a cellulardevice need not be limited to a phone. For example, an object such as acard, key, time piece, wallet, vehicle, human body, etc. may havecellular technology (and/or GPS technology) embedded therein or thereonwhich allows the location of the object to be ascertained. Celltriangulation is one method to remotely determine the current locationof a cellular object. Likewise, GPS communication is one method toremotely determine the current location of an object having GPStechnology (e.g., GPS transmitter and/or receiver).

An exemplary cellular embodiment includes the ability to obtain thegeographical location of an automated transaction machine (e.g., ATM).As previously discussed, an ATM location can be obtained via an embeddedGPS device in the ATM or a database of ATM installation locations. Thus,an ATM user's cell phone location can be compared with the ATM locationto determine if the user is an authorized user.

The arrangement can be operated independently or as part of a fraudprevention (or security) service to which an ATM cardholder can join. Amember in the fraud prevention program grants permission for his cellphone's location to be known to the provider of the security servicewhenever his account (or one of his accounts) is accessed at an ATM. Themember provides to the service provider the information (e.g., cellphone number, cell phone provider, contact options, etc.) necessary toset up the service. The service provider program can be provided by apartnership between a financial institution (e.g., bank), a transactionprocessor host, and one or more cell service providers. Alternatively,the program can be controlled by a sole proprietor.

Different types of member-selectable contact options are available. Forexample, the program can be set up to alert a member about a transactionthat is being requested on his/her account from an ATM which is notwithin reasonable proximity to his/her cell phone. The service providernotifies the member via the member's cell phone that a transaction isbeing requested at a particular ATM. Another selectable option caninclude having the service provider prevent a transaction request frombeing carried out when the ATM location and the member's cell phonelocation do not substantially correspond.

An exemplary method of operation of a fraud prevention service will nowbe explained with reference to FIG. 22. As shown, the system arrangement400 includes ATMs 402, 404, 406, an ATM host 410 in communication withthe ATMs, a cell phone locator system 412 in communication with thehost, and a member's cell phone 408.

An ATM 402 receives user identification data from a customer. Theidentification data may be received during a transaction request. Theidentification can be in the form of a name, account number, PIN, code,password, data sequence, biometric data, or some other informationlinking a person to an account. The identification can be input orprovided by the customer to the ATM 402, such as from a card or abiometric type of input (iris scan, fingerprint, etc.). Alternatively,the identification may be determined from some other customer input or acustomer item read by the ATM 402.

The ATM 402 sends the user identification data to a computer of the host410. The host computer can be part of a host system for an ATM network.Each of the ATMs being in communication with the host. The host 410 cancommunicate with other computers outside of the ATM network in carryingout a transaction.

The host 410 can determine the ATM location from a GPS device in the ATM402. Alternatively the host 410 can determine the ATM location from oneor more databases 414 that includes the locations of the ATMs in thenetwork. The host has access to the database 414. The ATM can provideits ATM ID to the host during communication with the host. For example,the ATM ID can be sent to the host when the user identification data issent to the host 410. The host can compare an ATM ID to ATM IDs in thedatabase to ascertain the location of an ATM. In other arrangements,data obtained by the host via a GPS device in an ATM may first need tobe compared with a database to ascertain the location of the ATM.

The host 410 can also determine the cell phone 408 assigned to thereceived user identification data. The database 414 links authorized ATMusers to their cell phones (and their accounts). For example, the hostcan compare received (or determined) account data to account data in thedatabase 414 to ascertain the cell phone assigned to that account.

The host 410 is in operative communication with a cell phone locatorsystem 412. The host can request the cell phone locator 412 to providethe location of the cell phone 408 corresponding to the user. The hostcan provide the cell phone locator with a cell phone number, a cellphone account number, or other information corresponding to theascertained cell phone.

The cell phone locator 412 receives the host request and determines thecurrent location of the cell phone 408. The cell phone locator can usecell triangulation to determine the current location of the cell phone.Alternatively, the cell phone locator can use a GPS device in the cellphone to determine the location of the cell phone. For example, the cellphone may receive a request from the cell phone locator to report itslocation. In response to the request, the cell phone can find itslocation (or GPS coordinates) using its GPS receiver. The cell phonethen communicates the location data to the cell phone locator usingcellular technology. Alternatively, the cell phone may transmit itslocation to the cell phone locator using (via satellite) GPS technology.Thus, the cell phone locator 412 knows the location (or GPS coordinates)of the cell phone.

The host 410 receives the location of the cell phone from cell phonelocator 412. Alternatively, the host can receive the location of thecell phone directly from the cell phone. The host can then compare thecell phone's location to the ATM's location. If the locationscorrespond, then the received user identification data is authenticated.The current ATM customer (adjacent to the ATM) is determined as anauthorized user of the account. The transaction request is approved.

If the locations do not correspond, then the current ATM customer isdenied the ability to perform transactions with that account(corresponding to the received identification data). That is, atransaction request (and/or use of the ATM) would be denied. Thesecurity arrangement prevents an unauthorized ATM user (i.e., a thief)from using an ATM card that was stolen from a service member, to performa transaction at the ATM involving the member's financial account. Thus,even if a member's ATM card and PIN are stolen by a thief, the fraudprevention service can still prevent unauthorized ATM access to funds inthe member's bank account. Because of the additional cell phone securityfeature, the thief's use of the ATM would be limited (e.g., card entry,PIN entry, etc.), and would not include theft of the member's money.

It should be understood that cell phone and ATM locations are deemed tocorrespond based on predetermined variables. Particular variables can beassigned to particular users of the fraud prevention service. Forexample, one correspondence may require that the compared locations bewithin a predetermined degree or distance from each other. In anotheracceptable correspondence arrangement, the ATM location may have to bephysically located within the same cell as the cell phone.Correspondence may also be time sensitive. For example, a member of thefraud prevention service can have their account set up such that ATMusage is only permitted during specific times of specific days. Thus,time can be another factor (or variable) that may have to be met (alongwith correspondence between cell phone location and ATM location) beforea transaction is authorized. In still other arrangements, time can bechosen by a member as the only variable. For example, a member who onlyneeds limited access to an ATM may select their ATM access time periodas limited to 9-10 a.m. on Saturday mornings. Any (fraudulent) attemptto access this person's account at an ATM outside of this designatedtime period would be denied. The fraud prevention system is flexible andenables users to select and/or change their assigned variables to meettheir particular needs and safety concerns.

An exemplary example of fraud prevention will now be explained. A personuses an ATM to request a financial transaction, such as a cashwithdrawal transaction request for $100 from a checking account. Therequest (along with other information) is transmitted from the ATM tothe transaction processor host (which may be the host computer for theATM network). As previously discussed, the host knows or can determinethe location of the ATM from which the transaction request is beingmade. The host also knows that the transaction request is from aparticular individual due to the identification (e.g., an account numberon a card) provided to the ATM during the request.

The host analyzes database records corresponding to that particularindividual. The host can determine whether the individual is a member ofthe fraud prevention program. If so, then the host also determines themember's cell phone provider. The host requests the current location ofthe member's cell phone from the cell phone provider (or a phonelocation server associated therewith). The cell phone providerdetermines the current location of the member's cell phone and thentransmits that location back to the host. The host compares the receivedcell phone location to the ATM location. If the two locations are withina predetermined range or proximity of one another then the transactionrequested is determined safe and can be authorized according to normaltransaction authorization rules in place. However, if the two locationsare not in accordance, then appropriate fraud notification rules andprocedures can be implemented.

Thus, grant/denial of an ATM transaction request involving a member'saccount can be based on that member's location. If it is concluded thatthe member is adjacent the ATM, then the transaction request is granted.Otherwise the transaction request is denied. The member's determinedlocation (via the member's cell phone location) can be used as another(or secondary) source of user identification.

A variety of additional fraud notification rules can be defined(selected) by the member, such as at the time of service protectionenrollment. In a first example, if a member (e.g., a female) has soleaccess to her account and she normally has the cell phone with her, thenshe may have selected an option in which the service provider (e.g.,bank or host operating on behalf) denies any transaction request wherethere is a mismatch between the ATM location and her cell phonelocation. With this selected option the member's cell phone may receivefrom the service provider a text message like “A transaction was justattempted against your account, but was denied due to locationdiscrepancies between the ATM in question and your cell phone. Pleasecontact us at . . . for more information.”

In the first example, an ATM may be instructed by a host to capture theinserted card responsive to a determined mismatch of locations. Further,the host itself may be programmed to notify the police of a potentialtheft in progress at the particular ATM.

In a second example, a member (e.g., a male) may share access to anaccount (such as with a spouse) and it can sometimes happen that thelocation of the designated cell phone and an ATM location may notcoincide. Therefore, the member may select a notification option whichcauses the service provider to notify the cell phone holder via a textmessage on the cell phone that “A transaction was just requested againstyour account at the ATM located at Wisconsin and M streets.” Manymethods of informing the holder that they have a text message can beused. For example, an audible (ring) or vibratory notification can beused. Additionally, messages other than in text format (e.g., a voicemessage) can be used.

If the location and/or timing of the requested ATM transaction issuspicious to the member then he can further investigate. For example,he may call his spouse for verification. If necessary, he can notify theATM's bank and/or the police. Alternatively, the host (or the securityservice) may be programmed to notify proper authorities of a potentialfraud in progress at the particular ATM Thus, the scenario iscardholder/fraud prevention-centric.

In an exemplary embodiment of the security system, a selectable optionpermits the cell phone holder to grant permission for the requested ATMtransaction (e.g., by the spouse) to be remotely authorized. Permissioncan be granted by the security system to allow the ATM transaction toproceed upon receiving a consent from the designated cell phone. Consentcan be automatically granted upon the system receiving a call from thedesignated cell phone to a certain phone number (or code) within acertain amount of time. For example, a person may initiate a consentcall after verifying that their spouse is trying to use the ATM. Theconsent call phone number (or consent code or password) is alsoselectable by a member of the fraud prevention system. The ATM may beinstructed by its host to capture an inserted card responsive to thesystem determining a mismatch of locations in combination with noreceived consent call for the ATM usage.

It should be understood that there are many other detection,notification, and consent options available. For example, an ATM with acamera can capture an image of the current ATM user at the time of thedetected discrepancy in locations between the ATM and the cell phone.The captured user image (with or without a text message) can be sent tothe designated cell phone. The person having the cell phone in theirpossession can be notified (via the phone) of the discrepancy and thatthey have access to an image of the ATM user in question. The cell phoneholder can then view the user image on a display screen of the cellphone. The image can help the cell phone holder (e.g., owner) quicklydetermine whether to grant consent to the current ATM user. Thus,consent can be image based. Communication and data transfer between thesecurity system and a designated cell phone can occur in real time.

Also, more than one cell phone can be assigned to an account. Thus, thehost can obtain the current location of plural cell phones. If the host(or another computer of the service provider) determines that one of thecell phones is currently located adjacent to the ATM then thetransaction request is permitted. This option enables both spouses (whohave respective cell phones) to separately carry out an ATM transactionwithout requiring service provider notification.

Other methods of communicating between the service provider and themember may be used. For example, a personal (human voice) phone call maybe made on behalf of the service provider notifying the service memberof the situation involving their account. The service provider can callthe cell phone number assigned to the member causing the cell phone toring. After the member answers their cell phone, the service providercan inform the member of the discrepancy situation. Instead of a liveperson, a recorded message can be used for the informing. Othercommunication formats can be used. IM (instant messaging) may be thecommunications format used to contact the member's cell phone.

Alternatively, a member's device other than their cell phone may becontacted by the service provider. For example, a notifying e-mail maybe sent (by the service provider) to the member's home PC. A voicemessage may be left on the member's home answering machine.

As discussed, different security levels of fraud detection and membernotification can be selected by the member. For example, a differentlevel of detection may use cell triangulation in placing the location ofa cell phone instead of having GPS embedded in the cell phone. The cellin which the cell phone is deemed present can be compared to the cell inwhich the ATM resides. If the cells correspond, then the transactionrequester is authenticated as an authorized user of the account. Itshould be understood that even further detection and notificationprocedures are available to members of the security system.

As previously discussed, an exemplary embodiment of the security systemenables authorization (or authentication) of ATM transactions based onthe (cellular) location of the security system member. The authorizationcan be further based on GPS location of the ATM. The exemplary securitysystem provides additional transaction security to help preventunauthorized ATM access to a financial account if it is determined thatthe location of the ATM from which the account transaction is beingrequested substantially differs from the location of the authorized userof the account. The location of the ATM can be determined via GPStechnology. The location of the authorized user can be determined viathe location of the user's cell phone. The location of the cell phonecan be determined via cellular or GPS/cellular technology.

It should be understood that the description of the security system withregard to ATMs is exemplary, but is not to be limited thereto. An ATM isone of many automated transaction machines in which the security systemcan be implemented. Likewise, the security system can be used withfacilities, such as gas stations. A positive comparison of the gasstation (or fuel pump) GPS location with the purchaser's cell phonelocation grants access to the fuel. Alternatively, a cellular device maybe located in or on a vehicle. When a person requests fuel for thevehicle, a comparison is made of the vehicle location (e.g., cellularlocation) and gas station location (e.g., GPS location). Additionally,the security system Can be used in conjunction with other transactionfacilities, including stores, restaurants, etc. The security system canbe used where location-based verification or identification of a personis needed. The security system helps to reduce or prevent unauthorizeduse of a financial account by determining whether the location at whichthe account is trying to be used substantially differs from the currentlocation of the authorized user of the account.

The security arrangement permits a method to be carried out includingthe steps of (a) receiving input with an ATM, where the inputcorresponds to an account; (b) determining a current distance of anauthorized user of the account relative to the ATM; and (c) determiningwhether the received input corresponds to the authorized user responsiveto the determination in (b). Step (c) can include determining whether acurrent ATM customer is authorized access to the account responsive to acomputer comparison of the current location of the authorized userrelative to the ATM. The determination in (c) can include comparing ATMlocation to current authorized user location. The current authorizeduser location can correspond to location of a personal item of theauthorized user, where (b) includes determining location of a personalitem of the authorized user. The current authorized user location cancorrespond to location of a cell phone of the authorized user, where (b)includes determining location of a cell phone of the authorized user.The cell phone can include a Global Positioning System (GPS) receiver,where (b) includes determining location of the cell phone via GPS. Theinput can correspond to an account of the authorized user, where (c)includes determining whether the current ATM customer is the authorizeduser. Step (a) can include receiving account data on/from a card. Step(a) can include receiving biometric input corresponding to an authorizeduser of the account.

The security arrangement permits another method to be carried outincluding the steps of (a) receiving a transaction request at anautomated transaction machine, where the transaction request isassociated with an account; (b) determining location of the automatedtransaction machine; (c) determining at least one location of at leastone authorized user of the account; (d) comparing the locationdetermined in (b) to the at least one location determined in (c); and(e) responsive to a positive comparison in (d), granting the transactionrequest received in (a).

The security arrangement permits a further method to be carried outincluding the steps of (a) receiving customer identification input withan automated transaction machine; (b) determining a first customerlocation as location of the machine, responsive to the input; (c)independent of (b), determining a second customer location as currentlocation of an item on the customer, responsive to the input; (d)comparing the first and second customer locations; and (e) responsive toa positive comparison in (d), authorizing a first customer transactionwith the machine. Step (a) can include receiving customer identificationinput with an ATM including a currency dispenser, and where (c) includesdetermining location of a cell phone.

The security arrangement permits another method to be carried outincluding the steps of (a) determining location of a portablecommunication device affiliated with an authorized customer responsiveto input to an automated transaction machine; and (b) determiningwhether the input corresponds to the authorized customer responsive torelative location between the device and the machine. The portablecommunication device can comprise a cell phone. A customer of themachine can be authorized a transaction responsive to location of thecell phone corresponding to location of the machine. The machine cancomprise an ATM.

The security arrangement permits another method to be carried outincluding the steps of (a) determining location of a cell phoneaffiliated with an authorized customer; and (b) authorizing to thecustomer a transaction with an automated transaction machine responsiveto location of the cell phone corresponding to location of the machine.

The security arrangement permits another method to be carried outincluding the steps of (a) receiving input with an automated transactionmachine, where the input is associated with a customer affiliated withan object locatable independent of operation of the machine; and (b)authorizing a customer transaction with the machine responsive tocorrespondence between location of the object and location of themachine. The object can comprise a cellular item, a GPS item, or a RFIDitem.

The security arrangement permits another method to be performedincluding the steps of (a) receiving input with an automated transactionmachine, wherein the input is associated with a customer affiliated witha remotely locatable device; (b) operating at least one computer todetermine location of the device; (c) operating the at least onecomputer to determine whether the location of the device determined instep (b) corresponds to location of the machine; and (d) responsive tocorrespondence in step (c), authorizing to the customer a transactionwith the machine.

The security arrangement permits another method to be performedincluding the steps of (a) receiving input with an automated transactionmachine, wherein the input is affiliated with a cell phone; (b)operating at least one computer to determine whether location of thecell phone corresponds to location of the machine; and (c) responsive tocorrespondence in step (b), authorizing a transaction with the machine.

The security arrangement permits another method to be performedincluding the steps of (a) receiving input with an automated transactionmachine from a person associated with a cell phone; and (b) determiningwhether the person is an authorized user of the machine using locationof the cell phone relative to location of the machine.

The security arrangement can include an apparatus comprising: a system,where the system includes a plurality of cell phones, at least onecomputer, a plurality of cash dispensing ATMs each having a GPS device,an ATM host in operative communication with and remote from the ATMs,and a cell phone locator in operative communication with and remote fromthe host; where the ATM is operative to receive user identification datafrom a customer, the host can determine a cell phone ID assigned to thereceived user identification data, the host can also determine locationdata corresponding to an ATM from either a database or from a GPS devicein the ATM, the cell phone locator can determine the current location ofa cell phone corresponding to the cell phone ID responsive to a requestfrom the host, the cell phone locator can then send the cell phone'slocation data to the host, the host can then compare the cell phone'slocation data to the ATM's location data, responsive to the comparisonthe host can either authorize the customer to perform a transaction atthe ATM if the locations correspond or deny the customer from performinga transaction at the ATM if the locations do not correspond.

The security arrangement can include another apparatus comprising: atleast one automated transaction machine, where each machine is operativeto receive account information from a customer during a transactionrequest, and a host, where the host includes at least one computer,where the host is in operative communication with the at least onemachine, where the host is operative to determine geographical locationof a transaction request at a machine responsive to account informationreceived at the machine, where the host is operative to determinegeographical location of at least one authorized user corresponding toaccount information received at a machine independent from adetermination of geographical location of a transaction request at themachine, where the host is operative to compare transaction requestgeographical location to authorized user geographical location, andwhere the host is operative to determine whether a machine customercorresponds to the at least one authorized user. The apparatus canfurther comprise a cell phone, where the host is operative to determinegeographical location of at least one authorized user via the cellphone. The cell phone can include a Global Positioning System (GPS)receiver. The apparatus can further comprise a cell phone locatorsystem, where the cell phone locator system is operative to determinethe current location of the cell phone. The host can be in operativecommunication with the cell phone locator system, where host is inoperative to request the cell phone location from the cell phone locatorsystem. The cell phone locator system is operative to provide thecurrent location of the cell phone to the host. At least one automatedtransaction machine comprises at least one automated teller machine(“ATM”), where each ATM includes a currency dispenser, and where eachcurrency dispenser is operative to dispense currency from a respectiveATM. Each ATM is operative to receive account information from acustomer during a transaction request. At least one ATM includes a GPSreceiver. The host is operative to determine geographical location of atleast one ATM via GPS data. The host is operative to compare cell phonelocation to ATM location to determine whether a current ATM customercorresponds to an authorized ATM user.

In alternative arrangements, a RFID object can be used instead of or incombination with cellular and GPS objects. An RFID object can be used toverify that the current ATM user is an authorized user. The RFID objectcan be separate from a user card. The RFID object can be used as anothersecurity level for verifying user authorization. The ATM has a RFIDreader. The user data read from the RFID object (tag) is compared toanother form of user identification (user card, user fingerprint, irisscan, other biometrics, etc.). The comparing can take place at the ATM,ATM host, or security center. The comparison can be used to determine ifthe RFID object ID and user ID correspond. A positive correspondencepermits the user to use the ATM for transactions. If the ATM is unableto obtain the necessary data from the RFID object (which is anindication that the RFID object is not adjacent the ATM) then usage ofthe ATM is denied.

The ability to locate an ATM's geographical position can also be used toprovide location-oriented services to the public. A service provider(“SP”) can provide the services. The service provider can comprise or beassociated with a previously discussed security center or servicecenter. A computer in the ATM (or the GPS system) can convey coordinatelocation data to the service provider. The service provider can storethis ATM location data in a database along with other location datacorresponding to other ATMs. Thus, the database can include thelocations of plural ATMs, including ATMs belonging to different bankingnetworks. The database may also contain location information for manyother locations that may be of public or private interest. The databasemay contain waypoint location information, e.g., stores, foodestablishments, bank branches, or even dynamic ATM-service vehiclelocations.

ATMs with GPS provide the capability to reference coordinates forATM-based map generation. The database can also store map data. Aservice provider can use a geographical starting point reference fromwhich to generate a variety of “how to get there from here” directions,which may be in the form of a map.

An ATM direction-providing service can receive a request for directionsfrom one or more entities (e.g., a person, computer, machine, etc.). Forexample, a person at a first location (e.g., a merchant store, fuelstation, restaurant, etc.) may wish to have directions to the nearestATM. The direction requester may be a person desiring to use an ATM toperform a financial transaction (e.g., cash withdrawal, reload a smartcard, etc.). Of course the individual may also be an ATM service personneeding to located a malfunctioning ATM.

The system allows a person to provide their current (or best known)location to the service provider. The current location may be providedto the service provider in numerous known ways. From this “currentlocation” information, the location service can instruct or providedirections to the person on how to get to the nearest (or desired) ATM.The service provider can also provide directions to the nearest ATMbelonging to a requested particular bank or financial institution (e.g.,a bank belonging to the requester's home banking network).

The service provider providing the directions can be a company, person,computer, and/or machine. The service provider can communicate with adirection requester via diverse communication devices and processes. Thedirection-providing service can be made available to a directionrequester via a variety of communication devices, such as PDA, cellphone, Internet, address input, input device equipped with a GPSreceiver, on-line devices, and off-line devices. Other knowntransmission processes involved in communication may be used, includinganalog, digital, wireless, radio wave, microwave, satellite, andInternet communication. For example, the service provider may use acomputer to communicate with a person via voice recognition software andspeech software. In another example, a person can wirelessly transmittheir request along with their current GPS location to thedirection-providing service over the Internet via a hand-held computer.In response, the service can download (e.g., as e-mail, PDF file, voicemail, instant message, etc.) the requested directions (e.g., a detailedmap) to the hand-held computer. In a further example, a cell phone caninclude a GPS system. The person can wirelessly transmit their requestalong with their current GPS location to the service via the cell phone.For example, when the cell phone calls a particular phone number of theservice provider for a directions request, the cell phone also transmitsits current GPS location. Alternatively, the service provider canrecognize the cell phone number via caller ID, match the cell phone'snumber to the cell phone's GPS system, obtain the cell phone's currentlocation from the cell phone's GPS system, and then transmit directionsto the nearest ATM based on the cell phone's location.

FIG. 20 shows a service provider 380 in operative connection with adatabase 390. The service provider 380 includes at least one computer382. The service provider 380 can simultaneously communicate with andprovide information to plural requesters 384, 386, 388.

The database 390 can store ATM location data 392, map data 394, andadditional data 396. Such additional data 396 may be key words orphrases, such as landmark names, points of interest, streetintersections, city sections such as Chinatown and Little Italy, etc.For example, a requester may not know their exact address location butcan inform the service provider (via their phone) that they are near theintersection of 19th and M streets. The computer 382 can recognize (suchas via voice recognition software) the received intersection as locationinformation. From the intersection information the computer 382 canprovide the requested directions. It should be understood thatdirections can also contain landmarks, points of interest, streetintersections, etc. For example, by knowing which intersection therequester is near and the (real time) visual lay out of the city, theservice provider 380 can instruct the requester that the nearest ATM isnext to a landmark that is easily visible from the intersection. Such alandmark may be a well lit (neon) sign, a bell tower, a pedestrianbridge, etc. Thus, additional stored data 396 can be used by the serviceprovider computer 382 to more accurately understand requests and providelocations/directions to requesters.

An exemplary flowchart of requesting/receiving service is shown in FIG.21. The actions performed by the requester and by the service providerare also shown. In the exemplary method a requester (e.g., a person)contacts the service provider.

The SP acknowledges the contact and asks for the person's PIN or serviceaccess code. The person provides their PIN.

The SP compares the PIN with a list of valid PINs and determines the PINacceptable. The level of service associated with the PIN is obtained.The SP asks for the person's current location. The person notifies theSP of their current location (e.g., an address, notable landmark, etc.).

The SP analyzes (e.g., voice recognition, speech to data interpretation,etc.) the provided location for best fit location comprehension. Thatis, the SP computer tries to recognize the provided location. Thecomprehended location may be compared to locations in the database todetermine if it is a usable (valid) location. If the provided locationis not usable, then the SP may ask the person to again provide thelocation, or more information may be requested to ensure locationaccuracy. For example, the SP may speak the comprehended location to theperson and ask the person to validate whether the location is correct.Once a provided location is deemed valid, then the SP can ask for theperson's request. In response, the person may request directions to thenearest available ATM.

The SP uses the database information to determine the shortest availableroute from the person's current location to the nearest ATM. The SPgenerates directions in a format capable of being received by theperson. The format can match the format in which the request wasreceived. For example, if the request was made via the person's cellphone, then the directions can be provided in a form capable of beingreceived by the person's cell phone. The SP provides the directions tothe person. The person receives the directions. It should be understoodthat in other arrangements greater or fewer steps may be carried out,and the order of the steps can vary.

The person's request for directions may be selected from a list ofoptions. For example, options may include press number 1 for informationregarding the nearest ATM, press number 2 for information regarding thenearest fee-free ATM, etc. Once the first option is input then anotherset of options may be provided to the person. The second set of optionsmay relate to the context in which the information content is to beprovided. For example, assuming that the nearest ATM was selected in thefirst option set, the second options may include press number 1 for theATM address, press number 2 for a map to the ATM, press number 3 for anoperator to guide you to the ATM, etc. Further sets of options mayfollow to ensure the desired service. The service provider can know thelevel of service available to the requester based on the provided PIN.Likewise, other information (e.g., requester's home banking network) cancorrespond to the provided PIN.

The person's communication device may partake in obtaining the person'scurrent location and in notifying the service of the current location.For example, the person's communication device may include GPS. Thetriangulation of cell areas may further be used to determine therequester's (cell phone) location. Also, a person's request fordirections may be a default request based on the manner ofcommunication. For example, a service provider may treat any personcalling their phone number as a direction requester by default. Thus, aperson may not have to actually (e.g., verbally) request directions, italready being inferred.

The direction-providing service may be a free service, a pay-as-you-useservice, and/or limited to paid subscribers. A person may have access tothe service as a result of being a valued customer of a particular bank.For example, an ATM customer that regularly incurs ATM transaction feesto the bank may receive free access to the ATM-directing service. Thebank can provide (or pay for) the service on behalf of the valuedcustomer.

The level of service may vary with the type of service to which theperson has subscribed. For example, one type of service may includehaving a personal assistant stay on a phone with the person until theycorrectly and safely reach their desired ATM, while another level ofservice may simply provide the street address of the nearest ATM.

Thus, the features and characteristics of the embodiments previouslydescribed achieve desirable results, eliminate difficulties encounteredin the use of prior devices and systems, solve problems and attain oneor more of the objectives stated above.

In the foregoing description certain terms have been used for brevity,clarity and understanding, however no unnecessary limitations are to beimplied therefrom because such terms are for descriptive purposes andare intended to be broadly construed. Moreover, the descriptions andillustrations given herein are by way of examples and the invention isnot limited to the exact details shown and described.

In the following claims any feature described as a means for performinga function shall be construed as encompassing any means capable ofperforming the recited function, and shall not be deemed limited to theparticular means shown in the foregoing description or mere equivalentsthereof.

Having described the features, discoveries and principals of theinvention, the manner in which it is constructed, operated, andutilized, and the advantages and useful results attained; the new anduseful structures, devices, elements, arrangements, parts, combinations,systems, equipment, operations, methods, processes, and relationshipsare set forth in the appended claims.

1. An apparatus comprising: an automated banking machine customer cardincluding card data corresponding to an already active financialaccount, wherein the financial account is associated with accountsettings stored in at least one data store, a mobile phone that includescard protection programming associated with the card, wherein theaccount settings are customer-changeable responsive to customer input tothe phone, to automatically turn the card off and on with regard to thecard being usable to carry out an automated banking machine transaction,wherein when the card is on, the card is usable to carry out at leastone financial transaction with an automated banking machine whichincludes  a card reader operable to read from the card, the card datacorresponding to the financial account, and  at least one cash dispenseroperable to cause cash to be dispensed from the machine during a cashdispense transaction involving the card, and the financial accountremains active to allow the customer to provide to the phone, input thatautomatically turns the card off, wherein when the card is off, the cardis unusable to carry out any financial transaction with the machine, andthe financial account remains active to allow the customer to provide tothe phone, input that automatically turns the card on, wherein the phoneallows the customer while located adjacent to the machine, toautomatically turn the financial account on to allow a financialtransaction to be carried out with the machine, and then automaticallyturn the financial account off after the financial transaction wascarried out with the machine.
 2. The apparatus according to claim 1 andfurther comprising the automated banking machine, wherein the machine ispart of a banking system, wherein the machine includes at least onebiometric reader, wherein the machine includes at least one machinecomputer, wherein the at least one machine computer is operative tocause card data read by the card reader to be compared with cardinformation stored in a user identification data store, wherein the atleast one machine computer is operative to cause customer biometric dataread by the at least one biometric reader to be compared with biometricinformation stored in a user identification data store, wherein acustomer is authorized to request a cash dispense transaction responsiveat least in part to both computer-determined correspondence between readcard data and stored card information, and computer-determinedcorrespondence between read biometric data and stored biometricinformation.
 3. The apparatus according to claim 1 wherein customerinput to the phone is operative to automatically turn the card off andon, wherein when the card is on, customer input to the phone isoperative to automatically turn the card off, wherein when the card isoff, customer input to the phone is operative to automatically turn thecard on.
 4. The apparatus according to claim 1 wherein the accountsettings can be preset by the customer to cause the card to beautomatically turned on at specific times on specific days.
 5. Theapparatus according to claim 4 wherein the account settings can bepreset by the customer to cause the card to be automatically turned offat specific times on specific days.
 6. The apparatus according to claim1 wherein the account settings allow the customer to turn the card onfor a continuous time period, wherein the time period has a start timeand an end time, wherein at the end time the card is automaticallyturned off responsive to the settings.
 7. An apparatus comprising: amobile phone that includes fraud prevention programming for an alreadyactive financial account, wherein the financial account is associatedwith customer-changeable account settings stored in at least one datastore, wherein the programming allows the phone to receive customerinput that causes the account settings to be changed, wherein customerinput to the phone is able to create a time window that is less thantwenty-four consecutive hours,  wherein within the time window  thefinancial account is available for use in carrying out cash dispensingtransactions with at least one automated banking machine that isoperable to carry out a cash dispense transaction involving thefinancial account responsive at least in part to at least one machinedata reader reading customer data usable to identify the financialaccount,  wherein outside of the time window  the financial account isunavailable for use in carrying out any cash dispensing transaction withthe at least one automated banking machine, and  the financial accountremains active to allow customer input to the phone that creates a newtime window. wherein the programming is operative to sequentially causeon a same date: a first time window to be created responsive to at leastone first customer input to the phone, the first time window to beclosed responsive to at least one second customer input to the phone, asecond time window to be created responsive to at least one thirdcustomer input to the phone, and the second time window to be closedresponsive to at least one fourth customer input to the phone.
 8. Theapparatus according to claim 7 and further comprising the at least oneautomated banking machine, wherein the at least one automated bankingmachine includes an automated banking machine, wherein the machineincludes at least one machine computer, wherein the machine includes acard reader and a biometric reader, wherein the at least one machinecomputer is operative to cause user data read by the at least one datareader to be compared with user information stored in a useridentification data store, wherein the at least one machine computer isoperative to cause biometric data read by the biometric reader to becompared with biometric information stored in the user identificationdata store, wherein a machine user is authorized to request a cashdispense transaction responsive at least in part to bothcomputer-determined correspondence between read user data and storeduser information, and computer-determined correspondence between readbiometric data and stored biometric information.
 9. The apparatusaccording to claim 7 wherein customer input to the phone is operative toautomatically turn the card off and on, wherein when the card is on,customer input to the phone is operative to automatically turn the cardoff, wherein when the card is off, customer input to the phone isoperative to automatically turn the card on, wherein the phone allowsthe customer while located adjacent to the at least one automatedbanking machine, to automatically turn the financial account on and thenautomatically turn the financial account off.
 10. The apparatusaccording to claim 9 wherein the account settings can be preset by thecustomer to cause the card to be automatically turned on at specifictimes on specific days.
 11. The apparatus according to claim 10 whereinthe account settings can be preset by the customer to cause the card tobe automatically turned off at specific times on specific days.
 12. Theapparatus according to claim 7 wherein the account settings allow thecustomer to turn the card on for a continuous time period, wherein thetime period has a start time and an end time, wherein at the end timethe card is turned off responsive to the settings.
 13. The apparatusaccording to claim 7 wherein the phone comprises a cell phone.
 14. Anapparatus comprising: a mobile phone that includes fraud preventionprogramming for an already active financial account, wherein thefinancial account is associated with account settings stored in at leastone data store, wherein the account settings are customer-changeableresponsive to user input to the phone, to allow the financial account tohave on the same date, both at least one access period,  wherein duringeach access period,  transactions attempted on the financial account arepermitted to be carried out with at least one automated banking machine that includes  at least one cash dispenser, and  at least one datareader operable to read user data usable to identify a financialaccount, and  that is operable to carry out a cash dispense transactioninvolving a financial account that corresponds to user data read by theat least one data reader, and  the financial account remains active toallow further user input to the phone to cause the account settings tobe changed, and at least one non-access period,  wherein during eachnon-access period,  all transactions attempted on the financial accountwith the at least one automated banking machine are prevented from beingcarried out, and  the financial account remains active to allow furtheruser input to the phone to cause the financial account to have an accessperiod.
 15. The apparatus according to claim 14 and further comprisingthe at least one automated banking machine, wherein the at least oneautomated banking machine includes an automated banking machine, whereinthe machine includes at least one machine computer, wherein the machineincludes a card reader and a biometric reader, wherein the at least onemachine computer is operative to cause user data read by the at leastone data reader to be compared with user information stored in a useridentification data store, wherein the at least one machine computer isoperative to cause biometric data read by the biometric reader to becompared with biometric information stored in the user identificationdata store, wherein a machine user is authorized to request a cashdispense transaction responsive at least in part to bothcomputer-determined correspondence between read user data and storeduser information, and computer-determined correspondence between readbiometric data and stored biometric information.
 16. The apparatusaccording to claim 14 wherein customer input to the phone is operativeto automatically change the account settings between an access periodand a non-access period, wherein when the financial account has anaccess period, further user input to the phone is operative toautomatically change the financial account to a non-access period,wherein when the financial account has a non-access period, further userinput to the phone is operative to automatically change the financialaccount to an access period.
 17. The apparatus according to claim 16wherein the account settings can be preset by the customer to cause thefinancial account to automatically have an access period at specifictimes on specific days.
 18. The apparatus according to claim 17 whereinthe account settings can be preset by the customer to cause thefinancial account to automatically have a non-access period at specifictimes on specific days.
 19. The apparatus according to claim 16 whereinthe programming is operative to sequentially cause the financial accountto have on a same date: a first access period responsive to first userinput to the phone, a first non-access period responsive to second userinput to the phone, a second access period responsive to third userinput to the phone, and a second non-access period responsive to fourthuser input to the phone.
 20. The apparatus according to claim 14 whereinthe account settings allow the customer to set the financial account tohave an access period for a continuous time period, wherein the timeperiod has a start time and an end time, wherein at the end time thefinancial account changes to a non-access period responsive to thesettings.